In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!
Microsoft DirectShow QuickTime Atom Size memory corruption error
I keep getting emails from my firewall regarding the following:
Appliance: FireboxX550e
Time: Tue Mar 08 12:49:05 2011 (CST)
Process: http
Message: Policy Name: HTTP-proxy-00 Action: ProxyDrop: Reason: HTTP Body IPS match Source IP: 192.168.x.xxx Source Port: 2345 Destination IP: 209.243.48.54 Destination Port: 80 ips_msg: EXPLOIT Microsoft DirectShow QuickTime Atom Size memory corruption -1 signature_id: WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
I have tried restarting my firewall, checking for viruses/malware on the workstations that are reporting this, yet find nothing. Is this an issue I should be worried about?
I am running a Windows Server 2003 controlled network, all workstations have Windows XP Pro w/ SP3 installed.
This is only one example of the email, if you need any more information, let me know.
Thanks!
Appliance: FireboxX550e
Time: Tue Mar 08 12:49:05 2011 (CST)
Process: http
Message: Policy Name: HTTP-proxy-00 Action: ProxyDrop: Reason: HTTP Body IPS match Source IP: 192.168.x.xxx Source Port: 2345 Destination IP: 209.243.48.54 Destination Port: 80 ips_msg: EXPLOIT Microsoft DirectShow QuickTime Atom Size memory corruption -1 signature_id: WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
I have tried restarting my firewall, checking for viruses/malware on the workstations that are reporting this, yet find nothing. Is this an issue I should be worried about?
I am running a Windows Server 2003 controlled network, all workstations have Windows XP Pro w/ SP3 installed.
This is only one example of the email, if you need any more information, let me know.
Thanks!
Asked:
Who is Participating?
Were you able to reach any solutions w/ Watchguard? I'm hesitant to do a case # with them since they will charge me.
Exclude this specific signature as described above, I don't see this as a major threat especially since it detects everything as a threat.
Hi everyone,
I had this same issue earlier this week. It appears, as Paulsolov said above, to be a problem with recent signatures for the IPS that were released by WatchGuard. I added WG-1110555 to the exceptions list in Intrusiuon Protection and it solved the issue. I have a message out to WatchGuard inquiring about it but no one has responded. Just FYI.
I had this same issue earlier this week. It appears, as Paulsolov said above, to be a problem with recent signatures for the IPS that were released by WatchGuard. I added WG-1110555 to the exceptions list in Intrusiuon Protection and it solved the issue. I have a message out to WatchGuard inquiring about it but no one has responded. Just FYI.
as an aside to the original question, does the firebox firewall come with blacklist controls for email?
If you take a look at the error it is not email related as it is on port 80
WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
The Watchguard has spamblocker as well as smtp proxy for mail filtering but that is a different issue
WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
The Watchguard has spamblocker as well as smtp proxy for mail filtering but that is a different issue
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month11 days, 9 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
In Subcription Services go to IPS, -> Exclusions -> Addd -> WG-1110555
Make sure the WG is capital otherwise it will not take it. I am looking to contact WG support to troubleshoot further but looks like a bad IPS signature at this point