MS-RPC: SAMR Access Denied
This signature detects failed attempts to connect to the Security Account Manager Remote (SAMR) service on Microsoft Windows. Attackers can be probing your server for vulnerabilities, as a successful login to this service provides important information such as administrator account details, default domain names, open users, and active groups. However, because system administrators also use the SAMR service legitimately, this signature can also detect non-malicious activity.
References
URL: http://support.microsoft.com/default.aspx?scid=kb;en-us;286179
Short Name
MS-RPC:SAMR-ACCESS-DENIED
Severity
Info
Recommended
False
Recommended Action
None
Category
MS-RPC
Keywords
Access Denied SAMR
Release Date
09/30/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely