Windows DCOM Overflow (Internal Servers)

Bittowolf
Community Member

We've just received these new appliances and I've been trying to make heads or tails of messages received about "attacks".

This is the message that I'm getting

Windows DCOM Overflow 5588/0 192.168.3.34 192.168.1.7 droppedPacket, deniedFlow, tcpOneWayResetSent 445 60 95

I have a DC and five satellite servers; they're all on a VPN and they replicate. This is a constant "attack" that I'm getting. I've made filters to make sure that the network IPs in question are exempt from this signature.

I also did a DCdiag on the Domain Controller. This is not the only signature that I get that my DC is "attacking" other IPs within the network. Here's my device and versions:

IPS ver. 6.1(1) E2

Device Type: ASA-SSM 10

ASDM= ASA Ver. 8.0 (2)

Device Type: ASA5510

ASDM ver 6.0(2)

I know that it can't be anything that is making the servers compromised, but I'm trying to narrow this down. I really don't want to disable the signature for fear of allowing anything from the outside coming in. My gut feeling is that it's a false positive. Anyone else have this issue?

Same issue with a sig firing of 3337/0 Windows RPC Race Condition. This one is firing from my DC to my satellite office servers. All are healthy, btw.
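As an added triage helper (not from the post, and not Cisco IPS code), the alert line quoted above can be parsed and checked against an inventory of the replication partners, so the DC-to-satellite firings are separated from anything external or from an internal host that is not expected to talk to the DC; the field layout, the partner list and the internal address range are assumptions:

```python
import ipaddress
import re

# Constructed samples in the shape quoted in the post (the first is the post's own
# line). Field layout is assumed here: name, sigid/subsig, attacker IP, victim IP,
# comma-separated actions, victim port, then two numeric fields not explained on the page.
SAMPLE_ALERTS = [
    "Windows DCOM Overflow 5588/0 192.168.3.34 192.168.1.7 droppedPacket, deniedFlow, tcpOneWayResetSent 445 60 95",
    "Windows RPC Race Condition 3337/0 192.168.3.34 192.168.2.9 droppedPacket, deniedFlow 445 60 95",
    "Windows DCOM Overflow 5588/0 203.0.113.5 192.168.1.7 droppedPacket, deniedFlow 445 60 95",
]

# Hypothetical inventory: the DC and satellite servers that replicate over the VPN,
# the address space treated as internal, and the signatures the post says fire between them.
REPLICATION_PARTNERS = {"192.168.3.34", "192.168.1.7", "192.168.2.9"}
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]
REPLICATION_SIGS = {"5588/0", "3337/0"}

ALERT_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<sig>\d+/\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<actions>.+?)\s+(?P<port>\d+)\s+\d+\s+\d+$"
)

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def triage(line: str) -> dict:
    """Parse one alert line and decide what a defender should do with it."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    src, dst, sig = m["src"], m["dst"], m["sig"]
    if not is_internal(src):
        verdict = "external-investigate"  # signature is doing its job; keep it enforcing
    elif sig in REPLICATION_SIGS and src in REPLICATION_PARTNERS and dst in REPLICATION_PARTNERS:
        # Known DC <-> satellite pair: candidate for a scoped event action filter
        # (not a global disable), once both hosts are confirmed patched.
        verdict = "tune-candidate"
    else:
        # Internal host that is not a known partner: check patch level and look
        # for signs of infection on the source, as the replies suggest.
        verdict = "internal-host-check"
    return {"sig": sig, "src": src, "dst": dst, "port": int(m["port"]),
            "actions": [a.strip() for a in m["actions"].split(",")], "verdict": verdict}

if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        print(triage(line))
```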


Farrukh Haroon
VIP Alumni

Download the latest signature update, AFAIR they just tuned this signature in the last release.

Regards

Farrukh

yuliang13
Community Member

Looks like a true positive. Try to check whether the source has been patched. If it hasn't, most likely it has been infected, etc.
