CSA did not prevent a machine from sending SMTP traffic to thousands of internal machines despite the fact that the user terminated the action.
Does "concurrent query limit exceeded" mean that CSA was overwhelmed and just could not handle the volume?
Potential worm propagation: The process 'C:\WINNT\ServicePackFiles\mmwnd.exe' (as user) has read downloaded content (file C:\WINNT\ServicePackFiles\mmwnd.exe) and attempted to access an email or network related resource (making a Network Email connection, 6//25).This is considered suspect. The user chose 'Terminate (concurrent query limit exceeded)'.
First detected on Apr 11
15:28 MMWND.EXE %WINDIR%\
Win32.Malware.gen: Deletes programs. Invokes dll components. Communicates with web sites using httpout protocols. Has mass mail capabilities.