Bruteforce.Generic.MSSQL.b

Omarinho · September 4, 2019

Hello, We are hosting an unsupported system called Care Free (http://www.carefreegroup.com/) for a customer that we provide IT support and Infrastructure for on one of our Windows 2016 Servers running SQL 2017 and KES 11.0.6499 pf5101 As of yesterday only Database release date: 04/09/2019 06:39:00 We've been receiving an alert from the NTP component on this server alerting us of a Bruteforce.Generic.MSSQL.b. on port 1433 of the server from clients running the Care Free software. This issue can be recreated when the client accesses a specific location within the application. The NTP block is causing a complete loss of connectivity to the SQL database intermittently making the application unusable. Obviously with the nature of the attack being a brute force I've had the affected system users change their password to a much more complex one (it is a local SQL account) I've been in touch with the vendor to identify what the precise workflow within the application is actually doing. However, is there any chance we could maybe identify whether the new database release might be a false positive? Event type: Network attack detected Application\Name: Kaspersky Endpoint Security for Windows User: F4\xxxxxxxxxx (Active user) Component: Network Threat Protection Result\Description: Blocked Result\Name: Bruteforce.Generic.MSSQL.b Object: TCP from 172.xx.xx.xx to 172.x.x.x:1433 Object\Type: Network packet Object\Name: TCP from 172.x.x.x to 172.x.x.x:1433 Object\Additional: 172.x.x.x Database release date: 04/09/2019 12:08:00

Nikolay Arinchev · September 4, 2019

Hi, To check is it false positive or not please create a request to https://companyaccount.kaspersky.com/ Thank you!

Antonio · September 5, 2019

Same here... Local database with lot of Navision users... since this Tuesday Tipo de evento: Ataque de red detectado Aplicación\Nombre: Kaspersky Endpoint Security para Windows Usuario: NT AUTHORITY\SYSTEM (Usuario del sistema) Componente: Protección frente a amenazas en la red Resultado\Descripción: Bloqueado Resultado\Nombre: Bruteforce.Generic.MSSQL.b Objeto: TCP de varios orígenes diferentes Objeto\Tipo: Paquete de red Objeto\Nombre: TCP de varios orígenes diferentes Objeto\Avanzado: Sospechoso: Fecha de las bases: 05/09/2019 1:37:00

Ivan Ponomarev · September 6, 2019

Hello! Please provide the incident number after you create it so we could provide you with necessary instructions for solving the issue. Thanks!

Omarinho · September 6, 2019

Hi, INC000010760939.

Ivan Ponomarev · September 6, 2019

Many thanks for the reply! Please wait for the information in the incident. Thanks!

Gugarts · September 6, 2019

We are having the same problem with using ASP Classic application via WEB.
Anything we can do?

Event Type: Network Attack Detected
Application \ Name: Kaspersky Endpoint Security for Windows
User: 
Component: Network Threat Protection
Result \ Description: Locked
Result \ Name: Bruteforce.Generic.MSSQL.b
Object: TCP from 1 ##. ###. #. # To 1 ##. ###. #. #: 1433
Object \ Type: Network Packet

Ivan Ponomarev · September 6, 2019

Hello! Do you have an incident created already? Thanks!

Gugarts · September 6, 2019

Hello! Do you have an incident created already? Thanks!

No. Thanks

Ivan Ponomarev · September 6, 2019

Hello! Please create an incident at companyaccount.kaspersky.com so we can provide with the further help Thanks!

Gugarts · September 6, 2019

Hello! Please create an incident at companyaccount.kaspersky.com so we can provide with the further help Thanks!

Hi, INC000010765779

Nikolay Arinchev · September 8, 2019

Hi, Thank you for that info! Please await for the nswer within INC000010765779

SistemasOfar · September 8, 2019

We are having the same isue from thurstady. We open the ticket in company account and are waiting for answers. INC000010768390 Regards.

Qubit · September 9, 2019

Same here, since wednesday 04.09.2019. We are waiting for answers. INC000010766766

Dmitry Parshutin · September 9, 2019

Hello! Please await for the answer in the incident. Thank you!

elehrairah23 · September 11, 2019

Присоединяюсь к участникам обсуждения. На Company Account создано обращение INC000010774376

BarisGumus · September 11, 2019

Hello, Have you found a solution on this issue? If the solution has been found, what actions should we take. thanks.

Vimaro · September 12, 2019

Hello, Have you found a solution on this issue? If the solution has been found, what actions should we take. thanks.

Dear user, Thanks for your message. Please submit a case in our Company Account service and provide here Incident number given by our system. Then, please wait for our specialists advices directly in your submitted case in Company Account.

Evgeniy Puchkov · September 12, 2019

Я не понял, служба поддержки будет работать по этой проблеме или нет? Обращение создано 06,09,2019.

INC000010763638

Никто ничего не предпринимает.

I did not understand if the support service will work on this problem or not?

Title created on 06.09.2012.
INC000010763638

No one is doing anything.

BarisGumus · September 12, 2019

Hello, Have you found a solution on this issue? If the solution has been found, what actions should we take. thanks.
Dear user, Thanks for your message. Please submit a case in our Company Account service and provide here Incident number given by our system. Then, please wait for our specialists advices directly in your submitted case in Company Account.

Hello there, Since last week, I have been receiving Bruteforce.Generic.MSSQL.b attacks from my users. I did not get results even though I did antivirus updates. I am requesting your solutions as soon as possible. Thanks. INC000010780075

Marcos · September 12, 2019

I have same problem here in my network. I guess this a false positive, clients trying to connect to sql server and that connection is blocked by kaspersky thinking this is an atack. i had open a ticket too NC000010779364

Igor Kurzin · September 13, 2019

Hello, this is a false detection, resolution is on the way, and will be published next week. Sorry about the incoveniences caused.

Marcos · September 13, 2019

This updates i think should be more tested before been released. that cause me a big headache.

CCPE · September 23, 2019

it's solved this problem?? i have my kaspersky disabled on my sql server waiting for the resolution..

Marcos · September 23, 2019

it's solved this problem?? i have my kaspersky disabled on my sql server waiting for the resolution..

You can just disable Network Threat Protection, this works for me. This way you are more protected than full KES disable.

Bruteforce.Generic.MSSQL.b

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

INC000010763638

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Please sign in to comment