What actually happens is that the sensor records an evidence file (evd*.enc) which includes a tcp dump of the "code red" packet thus the false positive virus alarm.
If you find these alarms annoying, the best way would probable be to exclude *.enc files from virus checking. Regards P. >Hi, I noticed that when ISS server sensor 6.5 (with network monitoring)is installed on a server which has norton anti-virus software in it, the anti-virus scan (real time or scheduled) will >give out false positive alarms(Code Red virus). The infected file(with enc extension) is under the blackice folder. > >> >> Are there any patches or work around methods from ISS or Norton >>available to stop the anti-virus from giving false alarms? >> >> Kindly advise > > > >Thanks & regards > > _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
