I keep getting emails from my firewall regarding the following:
Appliance: FireboxX550e
Time: Tue Mar 08 12:49:05 2011 (CST)
Process: http
Message: Policy Name: HTTP-proxy-00 Action: ProxyDrop: Reason: HTTP Body IPS match Source IP: 192.168.x.xxx Source Port: 2345 Destination IP: 209.243.48.54 Destination Port: 80 ips_msg: EXPLOIT Microsoft DirectShow QuickTime Atom Size memory corruption -1 signature_id: WG-1110555 threat_level: 80 signature_cat: http-client host:
www.accurint.com path: /favicon.ico
I have tried restarting my firewall, checking for viruses/malware on the workstations that are reporting this, yet find nothing. Is this an issue I should be worried about?
I am running a Windows Server 2003 controlled network, all workstations have Windows XP Pro w/ SP3 installed.
This is only one example of the email, if you need any more information, let me know.
Thanks!
In Subcription Services go to IPS, -> Exclusions -> Addd -> WG-1110555
Make sure the WG is capital otherwise it will not take it. I am looking to contact WG support to troubleshoot further but looks like a bad IPS signature at this point