We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
4 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Microsoft DirectShow QuickTime Atom Size memory corruption error
Posted on 2011-03-08
I keep getting emails from my firewall regarding the following:
Appliance: FireboxX550e
Time: Tue Mar 08 12:49:05 2011 (CST)
Process: http
Message: Policy Name: HTTP-proxy-00 Action: ProxyDrop: Reason: HTTP Body IPS match Source IP: 192.168.x.xxx Source Port: 2345 Destination IP: 209.243.48.54 Destination Port: 80 ips_msg: EXPLOIT Microsoft DirectShow QuickTime Atom Size memory corruption -1 signature_id: WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
I have tried restarting my firewall, checking for viruses/malware on the workstations that are reporting this, yet find nothing. Is this an issue I should be worried about?
I am running a Windows Server 2003 controlled network, all workstations have Windows XP Pro w/ SP3 installed.
This is only one example of the email, if you need any more information, let me know.
Thanks!
Appliance: FireboxX550e
Time: Tue Mar 08 12:49:05 2011 (CST)
Process: http
Message: Policy Name: HTTP-proxy-00 Action: ProxyDrop: Reason: HTTP Body IPS match Source IP: 192.168.x.xxx Source Port: 2345 Destination IP: 209.243.48.54 Destination Port: 80 ips_msg: EXPLOIT Microsoft DirectShow QuickTime Atom Size memory corruption -1 signature_id: WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
I have tried restarting my firewall, checking for viruses/malware on the workstations that are reporting this, yet find nothing. Is this an issue I should be worried about?
I am running a Windows Server 2003 controlled network, all workstations have Windows XP Pro w/ SP3 installed.
This is only one example of the email, if you need any more information, let me know.
Thanks!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
5
4
10 Comments
Active 4 days ago
Had this issue with a customer today, it looks like a false positive on the IPS definitions. It will block some and cause problems with many valid sites.
In Subcription Services go to IPS, -> Exclusions -> Addd -> WG-1110555
Make sure the WG is capital otherwise it will not take it. I am looking to contact WG support to troubleshoot further but looks like a bad IPS signature at this point
In Subcription Services go to IPS, -> Exclusions -> Addd -> WG-1110555
Make sure the WG is capital otherwise it will not take it. I am looking to contact WG support to troubleshoot further but looks like a bad IPS signature at this point
Were you able to reach any solutions w/ Watchguard? I'm hesitant to do a case # with them since they will charge me.
Active 4 days ago
Exclude this specific signature as described above, I don't see this as a major threat especially since it detects everything as a threat.
Hi everyone,
I had this same issue earlier this week. It appears, as Paulsolov said above, to be a problem with recent signatures for the IPS that were released by WatchGuard. I added WG-1110555 to the exceptions list in Intrusiuon Protection and it solved the issue. I have a message out to WatchGuard inquiring about it but no one has responded. Just FYI.
I had this same issue earlier this week. It appears, as Paulsolov said above, to be a problem with recent signatures for the IPS that were released by WatchGuard. I added WG-1110555 to the exceptions list in Intrusiuon Protection and it solved the issue. I have a message out to WatchGuard inquiring about it but no one has responded. Just FYI.
as an aside to the original question, does the firebox firewall come with blacklist controls for email?
Active 4 days ago
If you take a look at the error it is not email related as it is on port 80
WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
The Watchguard has spamblocker as well as smtp proxy for mail filtering but that is a different issue
WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico
The Watchguard has spamblocker as well as smtp proxy for mail filtering but that is a different issue
Featured Post
Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the Security Value Map? See the map and download the full report today!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
Two types of users will appreciate AOMEI Backupper Pro:
1 - Those with PCIe drives (and haven't found cloning software that works on them).
2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month4 days, 20 hours left to enroll
688 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.