NT SAM Database access detected using PIPE/samr service (MSRPC_Pipe_SAMR)

About this signature or vulnerability

Proventia Network IPS, RealSecure Desktop, RealSecure Desktop Protector 3.6, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, BlackICE Agent for Server, Proventia Network IDS, Proventia Desktop, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology:

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network. This signature reports access attempts to the NT Security Accounts Manager (SAM) Database Management Services using named pipes.


Default risk level

Medium

Sensors that have this signature

Proventia Network IPS: XPU 1.42, RealSecure Desktop: enz, RealSecure Desktop Protector 3.6: enz, RealSecure Server Sensor: XPU 23.2, RealSecure Network: XPU 23.2, BlackICE Server Protection: 3.6.cpa, BlackICE PC Protection: 3.6cpa, BlackICE Agent for Server: 3.6eof, Proventia Network IDS: XPU 23.2, Proventia Desktop: 8.0.614.1, Proventia-G 1.1 and earlier: XPU 23.2, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Network MFS: XPU 1.39, Virtual Server Protection for VMware: 1.0, Proventia Server IPS for Linux technology: 1.0

Systems affected

Microsoft Windows NT: 4.0

Type

Unauthorized Access Attempt

Vulnerability description

An attempt to access the NT Security Accounts Manager (SAM) Database Management Services using the PIPE/samr service has been detected. The PIPE/samr service allows remote management of the SAM Database on a server or a workstation. If a remote attacker accesses the SAM Database, the attacker can obtain sensitive information that is stored on the system.

How to remove this vulnerability

This event is for informational purposes only.

References

Microsoft Knowledge Base Article - 155601
INFO: Understanding SAM Active Contexts Under Windows NT, Windows 2000, or Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;155601

ISS X-Force
NT SAM Database access detected using PIPE/samr service
http://www.iss.net/security_center/static/15653.php