cancel
Showing results for 
Search instead for 
Did you mean: 
hbss_admin
Level 9

Issues with Signature 933 Network DoS Protection Settings Modified

I have a signature that comes up hundreds of times a day in our event logs and made an exception for it 2 weeks ago, but it still keeps popping up daily in our event logs, and it the process still keeps getting blocked. The following is a summary of the exception.

Would it be safe to make C:\WINDOWS\system32\services.exe a trusted application instead?

PG

***************************

Exception name:   Network DoS Protection Settings Modified 

Status:  Enabled 

Policy name:  Policy - Servers (Template) 

Created:  Thu Jul 14 18:42:10 EDT 2011 by xxxx

Modified:  Tue Jul 26 17:27:05 EDT 2011 by xxxx 

Notes:  

Parameters:  1.new_data = 01000000

2.values = \REGISTRY\MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP\PARAMETERS\SYNATTACKPROTECT

Processes:  1.C:\WINDOWS\system32\services.exe

Users and groups:  1.   NT Authority\Local System 

Signatures:  1.   933

0 Kudos
3 Replies
hbss_admin
Level 9

Re: Issues with Signature 933 Network DoS Protection Settings Modified

Hmm, what a dork. I might have answered my own question. The policy I made the exception on was not the policy applied to the OU the server was in.

Let me watch this a couple days and see if the event logs drop off.

0 Kudos
hbss_admin
Level 9

Re: Issues with Signature 933 Network DoS Protection Settings Modified

Actually, the last part of my first post stills stands though.

Is it safe to make C:\WINDOWS\system32\services.exe a trusted application? Or is that executable easily exploited by the bad guys?

0 Kudos
McAfee Employee

Re: Issues with Signature 933 Network DoS Protection Settings Modified

 Is it safe to make C:\WINDOWS\system32\services.exe a trusted application?

No, I would not recommend this.

0 Kudos