1 Reply Latest reply on Mar 21, 2011 6:02 PM by Kary Tankink

    HIPS alert 'Host intrusion (hip.Illegal_API_Use)' regarding outlook? v8

    pierce

      Testing HIPS v8.0 and get the following alert the most. Has anyone seen it before?

       

      Only useful information from looking at this alert is as follows:

       

      Threat Source Process Name:C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE11\OUTLOOK.EXE

      Threat Source URL:file:///C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE11\OUTLOOK.EXE

      Event Category:Host intrusion (hip.Illegal_API_Use)

      Event ID:18000

      Threat Severity:Critical

      Threat Name:3776

      Threat Type:bad_parameter

      Action Taken:Blocked

      Threat Handled:true

       

      API Name:CompatFlagsFromClsid

      Detailed Event Info:10072CEC-8CC1-11D1-986E-00A0C955B42E

      ePO Reachable:True

      Executable file description:MICROSOFT OFFICE OUTLOOK

      Executable fingerprint:40120a867340912ccddba413a66e85b3

      In Trusted Network:Unknown

      Subject Distinguished Name:CN=MICROSOFT CORPORATION, OU=MOPR, O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US

      Subject Organization Name:MICROSOFT CORPORATION

      Vulnerability Name:Vulnerable ActiveX Control Loading A

       

      Just don't want this filling up the database needlessly or blocking needlessly.

       

      thanks,

      Pierce