Detections from Windows 7 to server were identified as "exploit-cve 2010-2568"; scanned the source machine and did not find any detections with VSE and Stinger scan.
Created an AP rule to block creation of new .lnk files and identified that this is being executed by mstsc.exe; the user of the Windows 7 machine has taken RDP to one of the infected machines.
7/24/2014 11:19:45 AM Blocked by Access Protection rule C:\Windows\system32\mstsc.exe E:\Old_Data_E\code\Misc_code\code_CI\B_C_I_1_2_0_new\libs\FlashUpgrade\NetFx_30_SP1_ENU_License.rtf.lnk User-defined Rules:Ink being created Action blocked : Create
Please suggest whether this is copying .lnk files from the remote desktop, or whether it is executing from the same machine only.
If the current DAT does not detect the infection, I would suggest collecting 5 or 10 .lnk files and submitting them to McAfee Labs to be analyzed. They will send an extraDAT if the files are a new detection.
The current DAT is detecting the infections. I wanted to know ... is there any possibility that RDP can copy infections from one machine to another?
As observed in the AP logs, it is being executed by mstsc.exe.
If I understood correctly from the AP logs, mstsc.exe is trying to create some junk files and the rule is blocking this.
If we isolate this machine and scan with any tool, no detections appear.
In that case, mstsc.exe is only executed for Remote Desktop to the infected machine, which is creating the problem.