Hello,
I keep getting a LOT of
[SID: 32329] Audit: Malicious Scan Attempt 2 attack detected but not blocked. Application path: SYSTEM
1- What causes this attack? What exactly is being done on the other end? Is it port scanning by the attacker (something like Nmap)?
2- I know how to have these blocked but was wondering if this could be a legitimate connection between servers or something and blocking it might cause any issues. (It sometimes shows our DMZ as the remote host, so I didn't want to interrupt a legitimate connection in case it was.)
But I'm really wondering what this attack is, or if it's a real attack attempt, because according to Symantec: "This attack poses a minor threat. Corrective action may not be possible or is not required." But I get 10s a day and would like to stop them completely.
Please let me know if this could cause any business disruptions. Thank you!