Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
226
Views
3
Helpful
2
Replies

CSA 4.5.1.639 - What would be causing this activity on mulitple machines

kerraj2004
Level 1
Level 1

‎03-21-2006 07:48 AM - edited ‎03-09-2019 02:20 PM

Dont know why or what keeps causing this to trigger. Should it be denied or allowed?

The Process 'C:\WINDOWS\SYSTEM32\cmd.exe' (user) attemped to access 'C:\WINDOWS\SYSTEM32\drivers\etc\services'. The attempted access was a write (operation = OPEN/ WRITE).

The user was queried and a 'Yes' response was received.

Labels:
0 Helpful
2 Replies 2

tsteger1
Level 8
Level 8

‎03-21-2006 10:18 AM

Could be FTP or some other networking process looking at the services file. Might want to talk to the user saying "yes" and see what they are doing to trigger it.

kerraj2004
Level 1
Level 1
In response to tsteger1

‎03-21-2006 12:02 PM

Thanks, it is something at boot. I will also look at the msconfig.

0 Helpful
Customers Also Viewed These Support Documents