4 Replies Latest reply on Oct 26, 2011 12:45 AM by Sailendra Pamidi

    Services.exe generates event ID 18000 trying to alter registry value synattackprotect

    kenobeno

      All,

       

      We just installed ePO 4.5 and we are getting this event ID thousands of times in the threat event log.  The process is C:\WINDOWS\SYSTEM32\SERVICES.EXE and it's being blocked trying to modify the registry entry \REGISTRY\MACHINE\SYSTEM\CONTROLSET\SERVICES\TCPIP\PARAMETERS\SYNATTACKPROTECT.

       

      Is this a valid threat or is there some type of exclusion or exception I have to make?

       

      Our network was running with ePO 4.0 before we stood up the 4.5 server so I seriously doubt this is a valid threat.

       

      Thanks, Ken