Suspicious ActiveX installer detected (Suspicious_ActiveX_Installer)

About this signature or vulnerability

Proventia Network IPS, RealSecure Desktop Protector 3.6, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Desktop, IBM Security Server Protection for Windows, Proventia Network MFS, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, BlackICE Agent for Server, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects attempts to install suspicious ActiveX controls. This may indicate an attempt to install spyware on the victim's computer. This signature may be configured to ignore specific vendors by using the pam.activex.whitelist tuning parameter.

This signature detects attempts to install suspicious ActiveX controls. This may indicate an attempt to install spyware on the victim's computer. This signature may be configured to ignore specific vendors by using the pam.activex.ignore tuning parameter.


Default risk level

Medium

Sensors that have this signature

Proventia Network IPS: XPU 1.42, RealSecure Desktop Protector 3.6: eoa, RealSecure Desktop: eoa, Proventia-G 1.1 and earlier: XPU 24.2, Proventia Network IDS: XPU 24.2, Proventia Desktop: 8.0.614.1, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Network MFS: XPU 1.41, RealSecure Server Sensor: XPU 24.2, RealSecure Network: XPU 24.2, BlackICE Server Protection: 3.6.cpa, BlackICE PC Protection: 3.6cpa, BlackICE Agent for Server: 3.6eof, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for VMware: 1.0

Systems affected

Microsoft Windows 95, Microsoft Windows NT: 4.0, Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows 2003 Server

Type

Suspicious Activity

Vulnerability description

A suspicious ActiveX installer has been detected. A remote attacker could be attempting to install spyware on a victim's computer.

How to remove this vulnerability

This check is for informational purposes only.

Use an up-to-date antivirus or spyware removal program to determine if the target computer is host to a spyware program.

References

ISS X-Force
Suspicious ActiveX installer detected
http://www.iss.net/security_center/static/19182.php