Or, [SID: 27907] OS Attack: GNU Bash CVE-2014-6271 attack blocked. Traffic has been blocked for this application: SYSTEM
Or, Windows Event Log - Symantec Endpoint Protection "[SID: 27907] OS Attack: GNU Bash CVE-2014-6271 attack blocked. Traffic has been blocked for this application: SYSTEM".
Description:
This event is logged when the Network Threat Protection component is installed. When the AV agent detects any unwanted or suspicious traffic from any IP/URL, it blocks all traffic to the machine, coming from any IP/URL, for approximately 10 minutes.
To avoid this type of issue/error, you may think of the following:
1. Delete any unwanted IPs assigned to the affected machine. Sometimes people assign multiple IPs to one computer, which may lead to this kind of issue.
2. Update Windows patches completely; no security or critical updates should be left unpatched.
3. If this issue is occurring on a server which is already protected by multiple layers of security, like firewall, proxy filtering, etc., you can think of removing the Network Threat Protection component. But please understand the risk properly before doing it.
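Before deciding on option 3, it helps to know how often the signature fires and how long the machine was actually cut off. The following is an added example, not part of the original post or any Symantec tooling: it parses the event message quoted above and merges the approximately 10-minute block periods into outage windows. The tab-separated export layout, the sample timestamps, and the idea that each detection starts its own block period are assumptions.

```python
import re
from datetime import datetime, timedelta

# Message layout taken from the event text quoted on this page.
EVENT_RE = re.compile(
    r"\[SID:\s*(?P<sid>\d+)\]\s*(?P<sig>.+?)\s+blocked\.\s*"
    r"Traffic has been blocked for this application:\s*(?P<app>\w+)"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
BLOCK = timedelta(minutes=10)  # approximate block duration stated on this page

# Constructed sample export: "<ISO timestamp><TAB><event message>" (assumed layout).
MSG = ("[SID: 27907] OS Attack: GNU Bash CVE-2014-6271 attack blocked. "
       "Traffic has been blocked for this application: SYSTEM")
SAMPLE = "\n".join([
    "2014-10-02T09:00:00\t" + MSG,
    "2014-10-02T09:04:00\t" + MSG,
    "2014-10-02T09:30:00\t" + MSG,
    "2014-10-02T09:31:00\tDefinitions updated (unrelated line)",
])

def parse_events(text):
    """Return one dict per line that carries an IPS block message, oldest first."""
    events = []
    for line in text.splitlines():
        stamp, _, message = line.partition("\t")
        m = EVENT_RE.search(message)
        if not m:
            continue  # unrelated log line
        cve = CVE_RE.search(m["sig"])
        events.append({"time": datetime.fromisoformat(stamp),
                       "sid": int(m["sid"]),
                       "cve": cve.group(0) if cve else None,
                       "app": m["app"]})
    return sorted(events, key=lambda e: e["time"])

def block_windows(events, duration=BLOCK):
    """Merge overlapping per-detection block periods into outage windows."""
    windows = []
    for e in events:
        start, end = e["time"], e["time"] + duration
        if windows and start <= windows[-1][1]:
            windows[-1][1] = max(windows[-1][1], end)  # extends the open window
        else:
            windows.append([start, end])
    return windows

def blocked_minutes(windows):
    """Total minutes covered by the merged windows."""
    return sum((end - start).total_seconds() for start, end in windows) / 60
```

Many short windows spread over days point to a recurring trigger worth tracing before the component is removed.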
A few reference KBs that you must check:
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27907
https://www.symantec.com/security_response/vulnerability.jsp?bid=70103
http://www.symantec.com/connect/forums/recurring-message-cve-2014-6271
Please write back to me if you have any queries or feedback. Cheers!!!