I am looking into the bufferoverflow events in CSA and need your assistance in this one.Here is the event:The application 'C:\Program Files\Internet Explorer\iexplore.exe' (***) tried to call the function VirtualProtectEx("<self>") from a buffer (the...

CSA did not prevent a machine from sending SMTP traffic to thousands of internal machines despite the fact that the user terminated the action.Does "concurrent query limit exceeded" means that CSA was overwhelmed and just could not handle the volume?...

Does Skype make IRC connections?We are detecting this all the time from multiple ports:"Potential worm propagation: The process 'C:\Program Files\Skype\Phone\Skype.exe' (as user ) has read downloaded content (file C:\Program Files\Skype\Phone\Skype.e...

We have an in-house vulnerability scanner that regularly does port scans and we don't want to see events when the source IP is from the vulnerability scanner. We tried a network access rule but it dose not work. 1) Network Shim is enabled 2) Network ...

We have an in-house vulnerability scanner that regularly does port scans and we don't want to see events when the source IP is from the vulnerability scanner.We tried a network access rule but it dose not work.1) Network Shim is enabled2) Network sh...