Endpoint Protection

Morning Everyone, we are getting some logging for the IPS signature below. I cannot find it on the SEPM server. Anyone else hit this? I would like to change it to block but cannot find it in the list of signatures.

[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM

This is interesting as we have started getting these. Not looked into it fully, have you found anything about it?
Seems local which is it's not on the published list of attacks.

------------------------------
IT Support
------------------------------

Original Message:
Sent: 06-23-2020 06:04 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

Morning Everyone, we are getting some logging for the IPS signature below. I cannot find it on the SEPM server. Anyone else hit this? I would like to change it to block but cannot find it in the list of signatures.

[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM

We opened case about it and not getting anywhere... (32070296)

Hopefully this week it moves. So far support is claiming that this is to be expected however it does not make much sense.

------------------------------
STF Consulting LLC
------------------------------

Original Message:
Sent: 07-04-2020 07:03 AM
From: James L
Subject: IPS Signature Missing on SEPM Server

This is interesting as we have started getting these. Not looked into it fully, have you found anything about it?
Seems local which is it's not on the published list of attacks.

------------------------------
IT Support

Original Message:
Sent: 06-23-2020 06:04 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

Morning Everyone, we are getting some logging for the IPS signature below. I cannot find it on the SEPM server. Anyone else hit this? I would like to change it to block but cannot find it in the list of signatures.

[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM

I've gotten several of these just this week.  Also another one: Audit: Environment Config File Download Attempt attack detected but not blocked.

This is concerning, since these are outgoing events and I'm not sure exactly what they mean.  Did you get any further info from your case with Broadcom?

------------------------------
Synergetic Office Systems| Inc.
------------------------------

Original Message:
Sent: 07-06-2020 06:39 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

We opened case about it and not getting anywhere... (32070296)

Hopefully this week it moves. So far support is claiming that this is to be expected however it does not make much sense.

------------------------------
STF Consulting LLC

Original Message:
Sent: 07-04-2020 07:03 AM
From: James L
Subject: IPS Signature Missing on SEPM Server

This is interesting as we have started getting these. Not looked into it fully, have you found anything about it?
Seems local which is it's not on the published list of attacks.

------------------------------
IT Support

Original Message:
Sent: 06-23-2020 06:04 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

Morning Everyone, we are getting some logging for the IPS signature below. I cannot find it on the SEPM server. Anyone else hit this? I would like to change it to block but cannot find it in the list of signatures.

[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM

We still have the case open. It was not easy to escalate it. We had to provide a ton of logs. Maybe we can get somewhere. Will let everyone know.

------------------------------
STF Consulting LLC
------------------------------

Original Message:
Sent: 07-27-2020 12:21 PM
From: Deborah Lane-Olson
Subject: IPS Signature Missing on SEPM Server

I've gotten several of these just this week.  Also another one: Audit: Environment Config File Download Attempt attack detected but not blocked.

This is concerning, since these are outgoing events and I'm not sure exactly what they mean.  Did you get any further info from your case with Broadcom?

------------------------------
Synergetic Office Systems| Inc.

Original Message:
Sent: 07-06-2020 06:39 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

We opened case about it and not getting anywhere... (32070296)

Hopefully this week it moves. So far support is claiming that this is to be expected however it does not make much sense.

------------------------------
STF Consulting LLC

Original Message:
Sent: 07-04-2020 07:03 AM
From: James L
Subject: IPS Signature Missing on SEPM Server

This is interesting as we have started getting these. Not looked into it fully, have you found anything about it?
Seems local which is it's not on the published list of attacks.

------------------------------
IT Support

Original Message:
Sent: 06-23-2020 06:04 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

Morning Everyone, we are getting some logging for the IPS signature below. I cannot find it on the SEPM server. Anyone else hit this? I would like to change it to block but cannot find it in the list of signatures.

[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM

You ever determine anything regarding this?  Looks like we have a system receiving these as well now
Original Message:
Sent: 07-28-2020 05:22 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

We still have the case open. It was not easy to escalate it. We had to provide a ton of logs. Maybe we can get somewhere. Will let everyone know.

------------------------------
STF Consulting LLC

Original Message:
Sent: 07-27-2020 12:21 PM
From: Deborah Lane-Olson
Subject: IPS Signature Missing on SEPM Server

I've gotten several of these just this week.  Also another one: Audit: Environment Config File Download Attempt attack detected but not blocked.

This is concerning, since these are outgoing events and I'm not sure exactly what they mean.  Did you get any further info from your case with Broadcom?

------------------------------
Synergetic Office Systems| Inc.

Original Message:
Sent: 07-06-2020 06:39 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

We opened case about it and not getting anywhere... (32070296)

Hopefully this week it moves. So far support is claiming that this is to be expected however it does not make much sense.

------------------------------
STF Consulting LLC

Original Message:
Sent: 07-04-2020 07:03 AM
From: James L
Subject: IPS Signature Missing on SEPM Server

This is interesting as we have started getting these. Not looked into it fully, have you found anything about it?
Seems local which is it's not on the published list of attacks.

------------------------------
IT Support

Original Message:
Sent: 06-23-2020 06:04 AM
From: Sean Furman
Subject: IPS Signature Missing on SEPM Server

Morning Everyone, we are getting some logging for the IPS signature below. I cannot find it on the SEPM server. Anyone else hit this? I would like to change it to block but cannot find it in the list of signatures.

[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM