McAfee support is still to get back with us, to offer any solution to this problem. They indicated that the new version I am running 8.5 may detect these as a slammer event and produce reports. However, I am now frequently getting this error and am curious as to whether this is an escalation of sqlslammer incidents, and whether the newer Virusscan engine(4400), also has vulnerability as the earlier one which may produce buffer error as slammers. Just reporting, incase someone here has a brainstorm.
I've got win xp sp2 running with mcafee enterprise edition and keep getting the sqlslammer virus warning. I have tried downloading different removal software but it doesn't find the program, but it must be there as there is massive slowdown with my connection and no spyware or adware found. I did a full system restore on my system to try to get rid of the thing but no success. GGGGRRRRRRRR this thing is driving me mad!!! If anyone has got any ideas they are more than welcome!!!!!
On a slightly more positive note: Happy New Year all!!!
Thanks for posting your findings, that's really interesting... I've seen slammer IDS alerts non-stop since implementing the MDF, and always assumed it was nothing more than Internet background virus traffic... most viruses never completely vanish, there will always be a few machines locked away that become infected but no admin realises.
I'm sorry for opening an old conversation but it somewhat applies. (I think)
I've installed HIPS on about 30 pilot users and two of them have received an Intrusion Attack of IPS signature MSSQL Resolution Service Buffer Overflow (Slammer), ID 3720.
One of these users has the SQL Enterprise Management tools only, the other does not. The source address has changed on both occations and there is no application listed in the activity logs.
From what I read, this is only for server 2000 or the MSDE which neither have. Is this a false positive or what am I looking at and how do I avoid the alert to pop up for others when this goes live for the rest of the company?