Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Microsoft DirectShow QuickTime Atom Size memory corruption error

Posted on 2011-03-08
10
Medium Priority
?
535 Views
Last Modified: 2012-05-11
I keep getting emails from my firewall regarding the following:

Appliance: FireboxX550e
Time: Tue Mar 08 12:49:05 2011 (CST)
Process: http
Message: Policy Name: HTTP-proxy-00 Action: ProxyDrop:  Reason: HTTP Body IPS match Source IP: 192.168.x.xxx Source Port: 2345 Destination IP: 209.243.48.54 Destination Port: 80 ips_msg: EXPLOIT Microsoft DirectShow QuickTime Atom Size memory corruption -1 signature_id: WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico

I have tried restarting my firewall, checking for viruses/malware on the workstations that are reporting this, yet find nothing.  Is this an issue I should be worried about?

I am running a Windows Server 2003 controlled network, all workstations have Windows XP Pro w/ SP3 installed.

This is only one example of the email, if you need any more information, let me know.

Thanks!
0
Comment
Question by:paulms53
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 42

Accepted Solution

by:
Paul Solovyovsky earned 2000 total points
ID: 35079591
Had this issue with a customer today, it looks like a false positive on the IPS definitions.  It will block some and cause problems with many valid sites.  

In Subcription Services go to IPS, -> Exclusions -> Addd -> WG-1110555

Make sure the WG is capital otherwise it will not take it.  I am looking to contact WG support to troubleshoot further but looks like a bad IPS signature at this point
0
 
LVL 1

Author Comment

by:paulms53
ID: 35087874
are you aware of anyone else having the same problem with the IPS definitions?
0
 
LVL 42

Expert Comment

by:Paul Solovyovsky
ID: 35088151
Yes, several customers have had this issue as of yesterday.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 
LVL 1

Author Comment

by:paulms53
ID: 35088164
Were you able to reach any solutions w/ Watchguard?  I'm hesitant to do a case # with them since they will charge me.
0
 
LVL 42

Expert Comment

by:Paul Solovyovsky
ID: 35088274
Exclude this specific signature as described above, I don't see this as a major threat especially since it detects everything as a threat.
0
 

Expert Comment

by:Ad-Apex
ID: 35108047
Hi everyone,

I had this same issue earlier this week.  It appears, as Paulsolov said above, to be a problem with recent signatures for the IPS that were released by WatchGuard.  I added WG-1110555 to the exceptions list in Intrusiuon Protection and it solved the issue.  I have a message out to WatchGuard inquiring about it but no one has responded. Just FYI.
0
 
LVL 1

Author Comment

by:paulms53
ID: 35111445
as an aside to the original question, does the firebox firewall come with blacklist controls for email?
0
 
LVL 1

Author Comment

by:paulms53
ID: 35111450
watchguard firebox is what i meant
0
 
LVL 42

Expert Comment

by:Paul Solovyovsky
ID: 35112244
If you take a look at the error it is not email related as it is on port 80

WG-1110555 threat_level: 80 signature_cat: http-client host: www.accurint.com path: /favicon.ico


The Watchguard has spamblocker as well as smtp proxy for mail filtering but that is a different issue

0
 
LVL 1

Author Comment

by:paulms53
ID: 35112246
k
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question