Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Microsoft SMS causing Sig 3307

My SMS Primary Site server is generating a lot of alerts for 3307 Windows RedButton Attack. Is this a known trigger?

3 REPLIES
New Member

Re: Microsoft SMS causing Sig 3307

SMS may use registry keys created by the operating system or other applications. SMS may also create new keys or add values to existing keys created by the operating system or other applications on system running the sms client.

This can trigger false positives as it looks like a RedButton Attack.

Cisco Employee

Re: Microsoft SMS causing Sig 3307

SMS may not be specifically listed as a known false positive, however, network management stations are listed generically. Specific to your question...Yes, an SMS site server would be a logical culprit for a False Postive on the RedButton Attack (3307). If you have looked at the traffic and determined its not otherwise malicious, I would put in a filter for the SMS server and this alarm.

Scott Cothrell

New Member

Re: Microsoft SMS causing Sig 3307

OK. I'll exclude the SMS servers as a source.

Thanks

90
Views
6
Helpful
3
Replies
CreatePlease login to create content