I currently have KAV 6.0.3.837 installed on Windows XP workstations within my network. All servers run Lotus Domino. All XP PCs run Lotus Notes to access Lotus Domino. Domino is either V6.5.5 or V6.5.4. The Notes client is V7.0.3.
I have 1 user, who frequently gets the message that their PC is trying to be hacked and blocks access to the "offending" IP address. The IP address is always 1 of 2 Domino servers.
Neither of these servers is running any antivirus, but they are completely clean. This does not happen on ANY other PC on the network. The PC in question is of identical build to all other PCs on the network, both Windows- and KAV-wise.
The error provided is:
Event Hacker attack detection happened on computer xxxx in the domain
xxxx at 21 October 2009 12:49:44 (GMT+00:00)
Intrusion.Win.EMF.heap-overflow.exploit! Attacker's IP address: xxx.xxx.xxx.xxx.
Protocol/service: TCP on local port 1098. Time: 21/10/2009 12:49:44
There are no errors in the Domino server logs and no other errors on the PC or Notes client. The user does not seem to be doing anything specific when this occurs, and it cannot be replicated on demand.
Has anyone seen this before and is there anything I can try to stop this happening?
Thanks
