I have exactly the same problem. We had many computers that were infected by Conficker, but everything is clean now (according to McAfee Enterprise 8.7.0i and the Microsoft Malicious Software Removal Tool).
Now some computers also show the same message as Gerry's.
Our ePolicy 4.5.0 shows svchost.exe as the threat source and _:kernel32.loadlibraryA as the "Threat target file path".
Thanks for the help.
Is it possible that this is a legitimate but buggy program that is causing this? If so, how does one discover the source of the error?
There is a McAfee file called BufferOverflowProtectionLog.txt that I have heard about but do not see on my own PC. What application is supposed to generate this log?
The McAfee applications I am running are:
I have used Process Explorer to look at the various processes running on my running svchost applications but see nothing odd or unusual.
cws, as you are using Enterprise products, most likely in a Corporate environment, you are better served posting in the Corporate area: http://community.mcafee.com/forumdisplay.php?f=122
GerryMarkham post #2 in this thread should help: http://community.mcafee.com/showthread.php?t=231313&highlight=Buffer+overflow
Hi Ex_brit, thanks for your response. The post you pointed out indicates that most crashes and errors dealing with buffer overflows in Windows will come from an outside source aka a Third Party application or plugin.
Some questions that come to mind are:
1. Do you have any suggestions on methods to find the source of the error (i.e. which program or process is causing the buffer overflow)?
2. Can you tell me what McAfee program generates the BufferOverflowProtectionLog.txt log that I have read about?
3. Is there a way to turn off the Buffer Overflow detection specifically while leaving the other virus detection facilities in place?
Not without leaving you open to any infections.
Basically these things shouldn't occur if Windows is kept totally up to date with both critical and non-critical updates, plus you keep software, drivers etc. up to date, especially Java, Flash and suchlike.
It helps too to have some extra anti-spyware tools handy: http://community.mcafee.com/showthread.php?t=136913
I'm no expert in this field however, so hopefully someone else will spot this and throw their views in.
Did you do the scans mentioned in that post?
OK my scans revealed only one unopened "delivery failed" email with Win32\Sober.Y virus (deleted) and a registry flag belonging to McAfee (ignored):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter)
I will see today if I am still getting the buffer overflows.