Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Would be blocked by port blocking rule (rule is in warn-only mode) (Anti-virus Standard Protection:Prevent mass mailing worms from sending mail).
|English: Request a translation of the event description in plain English.|
This event may be recorded by McAfee antivirus if a program is trying to send mass emails (spam) or if the system is probed by a port scanner. Several users reported this event when their network has been scanned. This particular description indicates that the AV was in "warning only" mode so while it detected the attempt to use that port, it did not block it.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated