Microsoft Windows file-sharing access error (Windows_Access_Error)

About this signature or vulnerability

RealSecure Server Sensor, RealSecure Desktop Protector, RealSecure Network, BlackICE, BlackICE Server Protection, BlackICE PC Protection, RealSecure Sentry, RealSecure Guard, BlackICE Agent for Server, Proventia Desktop, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, RealSecure Desktop Protector 3.6, Proventia Network IPS, Virtual Server Protection for Vmware:

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects when a file sharing connection attempt to a Windows or Samba server has failed. When available, a reason for the rejection is provided along with the numeric error code.

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects when a file sharing connection attempt to a Windows or Samba server has failed. When available, a reason for the rejection is provided along with the numeric error code.


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

RealSecure Server Sensor: 7.0, RealSecure Desktop Protector: 3.6, RealSecure Network: 2.1, RealSecure Network: 7.0, BlackICE: 3.5ebo, BlackICE Server Protection: 3.6.cbd, BlackICE PC Protection: 3.6.cbd, RealSecure Sentry: 3.6, RealSecure Guard: 3.6, BlackICE Agent for Server: 3.6, Proventia Desktop: 8.0.614.1, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, Proventia Network MFS: 1.0, IBM Security Server Protection for Windows: 1.0.914.0, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop: baseline, RealSecure Desktop Protector 3.6: baseline, Proventia Network IPS: 2.0, Virtual Server Protection for Vmware: 1.0

Systems affected

Linux Kernel, Microsoft Windows

Type

Protocol Signature

Vulnerability description

A file-sharing connection attempt to a Windows or Samba server has failed.

How to remove this vulnerability

Note the source (file server) and destination (client) addresses of the rejection. Investigate whether the user of that client is authorized to access resources on that server. If the user is authorized, determine the cause of the difficulty in establishing a file-sharing connection.

References

ISS X-Force
Microsoft Windows file-sharing access error
http://www.iss.net/security_center/static/1075.php