
McAfee Host Intrusion Prevention Log Wednesday, August 17, 2011 2:26:40 PM

Time: 8/17/2011 11:02:20 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:02:20 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:02:20 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:02:21 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:02:21 AM Event: Application IP Address/User: Description: McAfee Agent Script Engine (McScript_InUse) Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:03:08 AM Event: Application IP Address/User: Description: TASKHOST.EXE Path: C:\WINDOWS\SYSTEM32\TASKHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:03:51 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:03:52 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:03:53 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:04:06 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:04:06 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:04:08 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:05:39 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:06:46 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:06:50 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:20 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:07:20 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:07:22 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:23 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:23 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:46 AM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:46 AM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:47 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:07:51 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:08:03 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)

Time: 8/17/2011 11:08:10 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:08:44 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:08:44 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:01 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:05 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:12 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:12 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:22 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:09:24 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:38 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:40 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:56 AM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:57 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:09:59 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:10:15 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:10:19 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:10:39 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:10:45 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:10:58 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:11:04 AM Event: Application IP Address/User: Description: Microsoft Office PowerPoint (POWERPNT) Path: C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\POWERPNT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:11:24 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:11:41 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:11:49 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:22 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:22 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:24 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:12:25 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:25 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:50 AM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:12:50 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:13:03 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:13:18 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:13:22 AM Event: Application IP Address/User: Description: CONSENT.EXE Path: C:\WINDOWS\SYSTEM32\CONSENT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:13:23 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:13:23 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:13:54 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:14:17 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:14:17 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:14:42 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSWOW64\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:14:58 AM Event: Application IP Address/User: Description: Windows Command Processor (cmd) Path: C:\WINDOWS\SYSTEM32\CMD.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:14:58 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:15:04 AM Event: Application IP Address/User: Description: TCP/IP Ping Command (PING) Path: C:\WINDOWS\SYSTEM32\PING.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:15:56 AM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:15:56 AM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22
Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22
Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:36 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 Unknown - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:37 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:37 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:40 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:40 AM Event: Application IP Address/User: Description: Microsoft Sync Center (mobsync) Path: C:\WINDOWS\SYSTEM32\MOBSYNC.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:16:40 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0002 Message: Blocked Outgoing ICMPv6 Router Solicitation - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0002
Time: 8/17/2011 11:16:40 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:40 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0001:FF8A:69B4 Message: Blocked Outgoing ICMPv6 Neighbor Solicitation - Source Local Destination FF02:0000:0000:0000:0000:0001:FF8A:69B4
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:41 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 11:16:43 AM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22

Time: 8/17/2011 11:16:44 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0002 Message: Blocked Outgoing ICMPv6 Router Solicitation - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0002
Time: 8/17/2011 11:16:48 AM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0002 Message: Blocked Outgoing ICMPv6 Router Solicitation - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0002
Time: 8/17/2011 11:17:25 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:25 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:26 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:27 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:17:27 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:53 AM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:17:54 AM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:17:59 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:00 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:01 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:01 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:02 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)

Time: 8/17/2011 11:18:03 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:04 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:04 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:09 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:09 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:10 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:11 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:18:12 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:19:22 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:19:22 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:19:26 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:19:27 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:19:28 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:19:30 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:19:30 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:19:31 AM

Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:19:37 AM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:20:18 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1098) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:18 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1097) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:21 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1098) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:21 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1096) Destination 192.168.10.66 : ms-ds (445) Time: 8/17/2011 11:20:21 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1097) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:27 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1096) Destination 192.168.10.66 : ms-ds (445)

Time: 8/17/2011 11:20:27 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1098) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:28 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1097) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:49 AM Event: Traffic IP Address/User: 192.168.10.65 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1104) Destination 192.168.10.66 : http (80) Time: 8/17/2011 11:20:49 AM Event: Traffic IP Address/User: 192.168.10.65 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1104) Destination 192.168.10.66 : http (80) Time: 8/17/2011 11:20:50 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1107) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:50 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1105) Destination 192.168.10.66 : ms-ds (445) Time: 8/17/2011 11:20:50 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1106) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:50 AM Event: Traffic IP Address/User: 192.168.10.65 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1104) Destination 192.168.10.66 : http (80)

Time: 8/17/2011 11:20:50 AM Event: Traffic IP Address/User: 192.168.10.65 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1104) Destination 192.168.10.66 : http (80) Time: 8/17/2011 11:20:50 AM Event: Traffic IP Address/User: 192.168.10.65 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1104) Destination 192.168.10.66 : http (80) Time: 8/17/2011 11:20:50 AM Event: Traffic IP Address/User: 192.168.10.65 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1104) Destination 192.168.10.66 : http (80) Time: 8/17/2011 11:20:53 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1107) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:53 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1106) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:53 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1105) Destination 192.168.10.66 : ms-ds (445) Time: 8/17/2011 11:20:59 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1105) Destination 192.168.10.66 : ms-ds (445)

Time: 8/17/2011 11:20:59 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1107) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:20:59 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1106) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:21:38 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:21:39 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:21:40 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:21:40 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:21:41 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:21:42 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)

Time: 8/17/2011 11:21:46 AM Event: Application IP Address/User: Description: Ribbons Screen Saver (Ribbons) Path: C:\WINDOWS\SYSTEM32\RIBBONS.SCR Message: Allowed Application Creation

Time: 8/17/2011 11:22:00 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:00 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:00 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:01 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:04 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:04 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)

Time: 8/17/2011 11:22:05 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:05 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:08 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:08 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:09 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:10 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:10 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:12 AM Event: Traffic IP Address/User: 192.168.10.65

Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:13 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:14 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:15 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:15 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:16 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:17 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:18 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE 
Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138)

Time: 8/17/2011 11:22:18 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:18 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:20 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:21 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:23 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:24 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:25 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:26 AM Event: Traffic IP Address/User: 
192.168.10.65

Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:27 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:27 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:28 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:28 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:28 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:28 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:22:28 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)

Time: 8/17/2011 11:22:29 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:29 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:22:32 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:32 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:32 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:22:32 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:32 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)

Time: 8/17/2011 11:22:32 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:32 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:32 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation Time: 8/17/2011 11:22:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:22:33 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE

Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:35 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:35 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:35 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:35 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:36 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:36 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 
192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:48 AM

Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:48 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:49 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:50 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:53 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:53 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:53 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:54 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE

Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:57 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:57 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:22:58 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:22:58 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:01 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:02 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:03 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138 ) Destination 
192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:23:03 AM

Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:03 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:04 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:05 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:08 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:08 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:23:08 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:09 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE

Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:12 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:23:12 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:13 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:13 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137) Time: 8/17/2011 11:23:16 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:23:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138) Time: 8/17/2011 11:23:45 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1126) Destination 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:23:45 AM

Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1124) Destina tion 192.168.10.66 : ms-ds (445) Time: 8/17/2011 11:23:45 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1125) Destinatio n 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:23:48 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1126) Destina tion 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:23:48 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1124) Destina tion 192.168.10.66 : ms-ds (445) Time: 8/17/2011 11:23:48 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1125) Destinatio n 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:23:54 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 192.168.10.65 : (1126) Destina tion 192.168.10.66 : netbios-ssn (139) Time: 8/17/2011 11:23:54 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming TCP - Source 10.1.40.59 : (1125) Destinatio n 192.168.10.66 : netbios-ssn (139) Time: Event: IP Address/User: Description: Path: 8/17/2011 11:23:54 AM Traffic 192.168.10.65 NT Kernel & System (ntoskrnl) C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE

Message: Blocked Incoming TCP - Source 192.168.10.65 : (1124) Destina tion 192.168.10.66 : ms-ds (445) Time: Event: IP Address/User: Description: Path: Message: Time: Event: IP Address/User: Description: Path: Message: 8/17/2011 11:24:27 AM Application VirusScan tray icon (shstat) C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Allowed Application Creation 8/17/2011 11:24:27 AM Application VirusScan tray icon (shstat) C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Allowed Application Creation

Time: 8/17/2011 11:24:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:25:23 AM Event: Application IP Address/User: Description: Windows Control Panel (control) Path: C:\WINDOWS\SYSTEM32\CONTROL.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:25:23 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSWOW64\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:25:24 AM Event: Application IP Address/User: Description: SPPSVC.EXE Path: C:\WINDOWS\SYSTEM32\SPPSVC.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:26:09 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:26:10 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:26:11 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:27:29 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:29 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:30 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:30 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:31 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:32 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:27:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:32 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:32 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:27:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:28:27 AM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:28:27 AM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:28:28 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:28:49 AM Event: Application IP Address/User: Description: AUDIODG.EXE Path: C:\WINDOWS\SYSTEM32\AUDIODG.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:29:32 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:29:32 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:29:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:31:22 AM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:31:26 AM Event: Application IP Address/User: Description: Windows Problem Reporting (WerFault) Path: C:\WINDOWS\SYSTEM32\WERFAULT.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:31:29 AM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-ns (137) Destination 192.168.10.66 : netbios-ns (137)
Time: 8/17/2011 11:31:29 AM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-ns (137) Destination 192.168.10.66 : netbios-ns (137)

Time: 8/17/2011 11:31:30 AM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:31:30 AM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:31:30 AM Event: Application IP Address/User: Description: Windows Explorer (explorer) Path: C:\WINDOWS\EXPLORER.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:31:31 AM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:31:44 AM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:31 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:31 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:32 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:34 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:32:34 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:34:19 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:34:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:34:37 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:34:37 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:34:59 AM Event: Application IP Address/User: Description: Nero Express (NeroExpress) Path: C:\PROGRAM FILES (X86)\NERO\NERO 9\NERO EXPRESS\NEROEXPRESS.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:35:03 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:35:03 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:35:04 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:35:09 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:35:10 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:35:11 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:35:21 AM Event: Application IP Address/User: Description: AUDIODG.EXE Path: C:\WINDOWS\SYSTEM32\AUDIODG.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:32 AM Event: Application IP Address/User: Description: Ribbons Screen Saver (Ribbons) Path: C:\WINDOWS\SYSTEM32\RIBBONS.SCR Message: Allowed Application Creation
Time: 8/17/2011 11:37:33 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:33 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:34 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:34 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:34 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:34 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:36 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:36 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:38 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:38 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:38 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:37:38 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:39:00 AM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:39:00 AM Event: Application IP Address/User: Description: Task Scheduler Engine (taskeng) Path: C:\WINDOWS\SYSTEM32\TASKENG.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:39:43 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:39:43 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:41:31 AM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:41:31 AM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:41:37 AM Event: Application IP Address/User: Description: AUDIODG.EXE Path: C:\WINDOWS\SYSTEM32\AUDIODG.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:35 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:35 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:36 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:36 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:36 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:36 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:37 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:37 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:37 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:37 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:38 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:42:38 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:43:31 AM Event: Application IP Address/User: Description: Buffer Overflow Protection Rule File Update Utility (entvutil) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:43:31 AM Event: Application IP Address/User: Description: VirusScan On-Demand Scanner (Scan64) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\X64\SCAN64.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:44:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:44:48 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:44:48 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:46:22 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:47:16 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:47:17 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:47:18 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:47:23 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:47:24 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:47:24 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:47:37 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:37 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:39 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:39 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:39 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:39 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:40 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:40 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:40 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:40 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:41 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:41 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:47:42 AM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:47:47 AM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:47:52 AM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:47:57 AM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:48:01 AM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (4664) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:48:01 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4283) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:48:01 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2006) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:48:01 AM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (3954) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:48:02 AM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:48:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:48:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:48:07 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:48:12 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:48:17 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:48:21 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:48:21 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:48:22 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:48:24 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:48:24 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)

Time: 8/17/2011 11:48:27 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:48:32 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:48:32 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:48:32 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:48:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:48:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:48:37 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:48:42 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:48:47 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:48:48 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:48:48 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:48:52 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:48:57 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:49:02 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:49:07 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:49:11 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:49:12 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:49:17 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:20 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:20 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:22 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:23 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:23 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:27 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:49:31 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:31 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:32 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:33 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:49:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:49:37 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:49:42 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:43 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:49:44 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:49:44 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:49:47 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:49:47 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:47 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:49:52 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:49:53 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:49:53 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:49:54 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:49:57 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:02 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:04 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:07 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:50:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:50:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:50:12 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:16 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:16 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:17 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:17 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:50:19 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4300) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:50:19 AM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (4677) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:50:19 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2022) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:50:19 AM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (3970) Destination 10.1.40.11 : netbios-ns (137)

Time: 8/17/2011 11:50:22 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:50:22 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:23 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:24 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:25 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:25 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:25 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:26 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:26 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:26 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:27 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:32 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:37 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:50:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:50:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:50:40 AM Event: Traffic IP Address/User: 10.1.40.57 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : (59448) Destination 224.0.0.252 : (5355)

Time: 8/17/2011 11:50:40 AM Event: Traffic IP Address/User: 10.1.40.57 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : (59448) Destination 224.0.0.252 : (5355)

Time: 8/17/2011 11:50:41 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:41 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:42 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:50:42 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:43 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:44 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:44 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:47 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:47 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:47 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:50:48 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:49 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:50 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:50 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:52 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:52 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:52 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:53 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:54 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:55 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:55 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:56 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:57 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:50:57 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:58 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:59 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:50:59 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:51:00 AM Event: Traffic IP Address/User: 10.1.40.57 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.57 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:51:02 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:07 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:51:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:51:12 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:17 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:22 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:27 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:32 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:37 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:51:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:51:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:51:42 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:51:47 AM Event: Traffic IP Address/User: 10.1.40.34 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.34 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:51:47 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:51:48 AM Event: Traffic IP Address/User: 10.1.40.63 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.63 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:51:52 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:51:57 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:02 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:07 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:52:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:52:12 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:52:14 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:52:17 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:22 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:27 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:32 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:52:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:52:37 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:52:39 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:39 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:41 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:41 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:41 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:41 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:52:42 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:42 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:42 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:42 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:43 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:52:43 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:52:44 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:52:47 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:52 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:52:57 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:02 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:53:03 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4317) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:53:03 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2040) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:53:03 AM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (3985) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:53:03 AM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (4698) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:53:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)

Time: 8/17/2011 11:53:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:53:08 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:13 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:53:14 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:53:18 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:23 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:28 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:33 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:53:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)

Time: 8/17/2011 11:53:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:53:38 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:53:44 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:53:48 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:53 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:53:58 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:03 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:54:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)

Time: 8/17/2011 11:54:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:54:08 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:13 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:54:14 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:54:18 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:23 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:28 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:33 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:54:34 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)

Time: 8/17/2011 11:54:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:54:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:54:38 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:54:44 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:54:45 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:54:45 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:54:46 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 11:54:48 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:53 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:58 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:54:58 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:54:58 AM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:55:02 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:02 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:03 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:55:05 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:05 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:55:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:55:08 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:55:12 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:12 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:13 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:55:14 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:55:14 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:55:17 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:55:17 AM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (4708) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:55:17 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2050) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:55:17 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4331) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:55:17 AM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (4001) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:55:18 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:55:18 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:55:19 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:55:23 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:55:24 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:55:24 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:55:27 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:55:27 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:55:28 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:55:28 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:55:29 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:29 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:55:33 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:55:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:55:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:55:38 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:55:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:55:44 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:55:48 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:55:53 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:55:58 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:56:02 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:02 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:03 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:56:06 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:06 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:56:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:56:08 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:56:13 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:56:14 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:14 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:56:14 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:15 AM Event: Traffic IP Address/User: 10.1.40.62 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.62 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:56:18 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:56:21 AM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:56:23 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:56:28 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:56:31 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:31 AM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 11:56:33 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:56:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:56:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:56:38 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:56:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:56:44 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:56:48 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:56:53 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:56:58 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:03 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:57:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:57:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:57:08 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:13 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:18 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:23 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:28 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:33 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:57:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:57:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:57:38 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:57:42 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:42 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:43 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:43 AM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:43 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:43 AM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:44 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:44 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 11:57:44 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:44 AM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:45 AM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:45 AM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 11:57:48 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:53 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:57:58 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:03 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:03 AM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:58:05 AM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2070) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:58:05 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4347) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:58:05 AM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (4727) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:58:05 AM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (4016) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 11:58:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:58:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:58:08 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:13 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:18 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:58:22 AM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:58:23 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:58:24 AM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.59 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:58:24 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 11:58:28 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:33 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:58:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)

Time: 8/17/2011 11:58:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:58:38 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:48 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:53 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:58:58 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:59:03 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:59:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:59:07 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)

Time: 8/17/2011 11:59:08 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:59:13 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:59:18 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:59:19 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 11:59:23 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:59:28 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:59:30 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:59:31 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:59:31 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:59:33 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:59:37 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:59:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:59:37 AM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 11:59:37 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:59:38 AM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 11:59:38 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:59:43 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:59:47 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:59:48 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 11:59:48 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:59:48 AM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 11:59:53 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 11:59:58 AM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:03 PM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:00:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:03 PM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:00:07 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:00:07 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:00:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:00:19 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:00:20 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:00:21 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 12:00:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:00:28 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:00:29 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:00:30 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:00:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:34 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:00:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:00:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:00:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:41 PM Event: Application IP Address/User: Description: TASKHOST.EXE Path: C:\WINDOWS\SYSTEM32\TASKHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:00:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:44 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:00:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:01:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:01:07 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)

Time: 8/17/2011 12:01:07 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:01:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:01:10 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:01:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:01:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:01:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:01:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:01:33 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:01:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:01:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:01:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:01:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:01:43 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:01:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:01:43 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:01:46 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:01:46 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)

Time: 8/17/2011 12:01:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:01:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:01:54 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:01:54 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:01:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:02:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:02:07 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:02:07 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:02:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:02:10 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:10 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:02:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:02:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:02:27 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:02:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:02:28 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:02:28 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:02:29 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:02:30 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:02:31 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:02:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:02:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:02:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:02:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:02:42 PM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (4052) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 12:02:42 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2094) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 12:02:42 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4371) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 12:02:42 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:42 PM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (4769) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 12:02:42 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:02:44 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:02:44 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:45 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:45 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:45 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:45 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:46 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:46 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:47 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:02:47 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:02:48 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:48 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:48 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:48 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:02:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:02:54 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:54 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:02:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:03:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:03:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:03:11 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:03:11 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:03:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:03:34 PM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-ns (137) Destination 192.168.10.66 : netbios-ns (137)
Time: 8/17/2011 12:03:34 PM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-ns (137) Destination 192.168.10.66 : netbios-ns (137)
Time: 8/17/2011 12:03:34 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:03:34 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:03:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:38 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:03:38 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:03:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:45 PM Event: Application IP Address/User: Description: Diagnostics Troubleshooting Wizard (msdt) Path: C:\WINDOWS\SYSTEM32\MSDT.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:03:46 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:03:46 PM Event: Application IP Address/User: Description: Scripted Diagnostics Native Host (sdiagnhost) Path: C:\WINDOWS\SYSTEM32\SDIAGNHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:03:47 PM Event: Traffic IP Address/User: 10.1.40.63 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.63 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:03:48 PM Event: Traffic IP Address/User: 10.1.40.34 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.34 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:03:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:03:59 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:04:02 PM Event: Application IP Address/User: Description: AUDIODG.EXE Path: C:\WINDOWS\SYSTEM32\AUDIODG.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:04:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:04:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:04:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:04:09 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:04:14 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:04:19 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:04:24 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:04:29 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:04:34 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:04:38 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:04:38 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:04:39 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:04:44 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:04:49 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 12:04:49 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:04:49 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:04:50 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:04:54 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:04:59 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:05:04 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:05:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:05:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:05:09 PM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:09 PM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:09 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:05:12 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSWOW64\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:14 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:14 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:05:17 PM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (4783) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 12:05:17 PM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (4072) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 12:05:17 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4389) Destination 10.1.40.11 : netbios-ns (137)

Time: 8/17/2011 12:05:17 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:18 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:18 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:19 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:05:21 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:22 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:22 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:23 PM Event: Application IP Address/User: Description: Scripted Diagnostics Native Host (sdiagnhost) Path: C:\WINDOWS\SYSTEM32\SDIAGNHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:23 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:23 PM Event: Application IP Address/User: Description: Diagnostics Troubleshooting Wizard (msdt) Path: C:\WINDOWS\SYSTEM32\MSDT.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:24 PM Event: Application IP Address/User: Description: Microsoft Resource File To COFF Object Conversion Utility (cvtres) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CVTRES.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:24 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:05:24 PM Event: Application IP Address/User: Description: Visual C# Command Line Compiler (csc) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\CSC.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:29 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:05:30 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:31 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:31 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2116) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 12:05:32 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:32 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:32 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:33 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:34 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:05:35 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:36 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 12:05:36 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:38 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:05:38 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:38 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:05:39 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:05:39 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:40 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:05:42 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:05:43 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:05:44 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:05:44 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:05:45 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:05:46 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:05:49 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:05:51 PM Event: Application IP Address/User: Description: Windows Control Panel (control) Path: C:\WINDOWS\SYSTEM32\CONTROL.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:52 PM Event: Application IP Address/User: Description: Windows host process (Rundll32) (rundll32) Path: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:05:52 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSWOW64\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:05:54 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:05:54 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:05:59 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:04 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:04 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:06:06 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:07 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:08 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:06:08 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:06:09 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:06:10 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:10 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:11 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:12 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:06:13 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:06:13 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:14 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:14 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 12:06:14 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:06:16 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:06:17 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:06:18 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:06:19 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:19 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:06:20 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 12:06:24 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:29 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:30 PM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:06:30 PM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:06:34 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:06:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:06:37 PM Event: Traffic IP Address/User: 10.1.40.11 Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : (4332) Destination Local : (4332)
Time: 8/17/2011 12:06:38 PM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22
Time: 8/17/2011 12:06:38 PM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22
Time: 8/17/2011 12:06:39 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:44 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:45 PM Event: Application IP Address/User: Description: LOGONUI.EXE Path: C:\WINDOWS\SYSTEM32\LOGONUI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:06:49 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:54 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:06:59 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:07:01 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:07:01 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:07:01 PM Event: Application IP Address/User: Description: Tablet PC Input Panel Helper (TabTip32) Path: C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\TABTIP32.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:07:04 PM Event: Application IP Address/User: Description: Windows Modules Installer (TrustedInstaller) Path: C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:07:04 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:07:04 PM Event: Application IP Address/User: Description: LOGONUI.EXE Path: C:\WINDOWS\SYSTEM32\LOGONUI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:07:05 PM Event: Application IP Address/User: Description: Group Policy Script Application (gpscript) Path: C:\WINDOWS\SYSTEM32\GPSCRIPT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:21 PM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 12:09:21 PM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016
Time: 8/17/2011 12:09:23 PM Event: Application IP Address/User: Description: VDSLDR.EXE Path: C:\WINDOWS\SYSTEM32\VDSLDR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:23 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:23 PM Event: Application IP Address/User: Description: On-Access Scanner service (McShield) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\X64\MCSHIELD.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:23 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:23 PM Event: Application IP Address/User: Description: SoftThinks Agent Service (SftService) Path: C:\PROGRAM FILES (X86)\ALIENRESPAWN\SFTSERVICE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:23 PM Event: Application IP Address/User: Description: Nero BackItUp (NBService) Path: C:\PROGRAM FILES (X86)\COMMON FILES\NERO\NERO BACKITUP 4\NBSERVICE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:24 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 12:09:24 PM Event: Application IP Address/User: Description: VSCore Announcer (mfeann) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\X64\MFEANN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:24 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:24 PM Event: Application IP Address/User: Description: TABLET.EXE Path: C:\WINDOWS\SYSTEM32\TABLET.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:25 PM Event: Application IP Address/User: Description: WMI Provider Host (WmiPrvSE) Path: C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:25 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:09:25 PM Event: Application IP Address/User: Description: TABLET.EXE Path: C:\WINDOWS\SYSTEM32\TABLET.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:25 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:09:31 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:31 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:32 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)

Time: 8/17/2011 12:09:32 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 12:09:33 PM Event: Application IP Address/User: Description: VDS.EXE Path: C:\WINDOWS\SYSTEM32\VDS.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 12:09:34 PM Event: Application IP Address/User: Description: TASKHOST.EXE Path: C:\WINDOWS\SYSTEM32\TASKHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:34 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:35 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:35 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:09:35 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:35 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:35 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:36 PM Event: Application IP Address/User: Description: WMI Provider Host (WmiPrvSE) Path: C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:37 PM Event: Application IP Address/User: Description: Lists the current running tasks (tasklist) Path: C:\WINDOWS\SYSWOW64\TASKLIST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:39 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:39 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:39 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:39 PM Event: Application IP Address/User: Description: Group Policy Script Application (gpscript) Path: C:\WINDOWS\SYSTEM32\GPSCRIPT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:39 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:39 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:39 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:40 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:40 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:40 PM Event: Application IP Address/User: Description: Registry Editor (regedit) Path: C:\WINDOWS\REGEDIT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:40 PM Event: Application IP Address/User: Description: AlienFusionController (AlienFusionController) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\ALIENFUSIONCONTROLLER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:41 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:41 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:42 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:43 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:44 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:09:44 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:09:48 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)

Time: 8/17/2011 12:09:48 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)

Time: 8/17/2011 12:09:49 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 12:09:50 PM Event: Application IP Address/User: Description: VirusScan On-Demand Scanner (Scan64) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\X64\SCAN64.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:50 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 12:09:51 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:51 PM Event: Application IP Address/User: Description: Tablet PC Input Panel Accessory (TabTip) Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\TABTIP.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:51 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:51 PM Event: Application IP Address/User: Description: TASKHOST.EXE Path: C:\WINDOWS\SYSTEM32\TASKHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:51 PM Event: Application IP Address/User: Description: WISPTIS.EXE Path: C:\WINDOWS\SYSTEM32\WISPTIS.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:51 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 12:09:51 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:52 PM Event: Application IP Address/User: Description: Windows Explorer (explorer) Path: C:\WINDOWS\EXPLORER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:52 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 12:09:52 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:52 PM Event: Application IP Address/User: Description: Userinit Logon Application (userinit) Path: C:\WINDOWS\SYSTEM32\USERINIT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:52 PM Event: Application IP Address/User: Description: DWM.EXE Path: C:\WINDOWS\SYSTEM32\DWM.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:52 PM Event: Application IP Address/User: Description: Task Scheduler Engine (taskeng) Path: C:\WINDOWS\SYSTEM32\TASKENG.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:53 PM Event: Application IP Address/User: Description: TABLET.EXE Path: C:\WINDOWS\SYSTEM32\TABLET.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:53 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:53 PM Event: Application IP Address/User: Description: TABUSERW.EXE Path: C:\WINDOWS\SYSTEM32\WTABLET\TABUSERW.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:53 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:53 PM Event: Application IP Address/User: Description: Tablet PC Input Panel Helper (TabTip32) Path: C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\TABTIP32.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:54 PM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 12:09:54 PM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016

Time: 8/17/2011 12:09:54 PM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22

Time: 8/17/2011 12:09:54 PM Event: Application IP Address/User: Description: Google Installer (GoogleCrashHandler) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.65\GOOGLECRASHHANDLER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:54 PM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016

Time: 8/17/2011 12:09:55 PM Event: Application IP Address/User: Description: ST Service Scheduling (STService) Path: C:\PROGRAM FILES (X86)\ALIENRESPAWN\COMPONENTS\SCHEDULER\STSERVICE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:55 PM Event: Application IP Address/User: Description: Run Once Wrapper (runonce) Path: C:\WINDOWS\SYSWOW64\RUNONCE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:55 PM Event: Application IP Address/User: Description: VistaLauncher (Launcher) Path: C:\PROGRAM FILES (X86)\ALIENRESPAWN\COMPONENTS\SCHEDULER\LAUNCHER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:55 PM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:7539:CF4F:298A:69B4 Destination FF02:0000:0000:0000:0000:0000:0000:0016

Time: 8/17/2011 12:09:55 PM Event: Application IP Address/User: Description: Run Once Wrapper (runonce) Path: C:\WINDOWS\SYSTEM32\RUNONCE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:55 PM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 192.168.10.66 Destination 224.0.0.22

Time: 8/17/2011 12:09:55 PM Event: Traffic IP Address/User: FF02:0000:0000:0000:0000:0000:0000:0016 Message: Blocked Outgoing ICMPv6 - Source FE80:0000:0000:0000:C869:BDF9:FA56:2FEC Destination FF02:0000:0000:0000:0000:0000:0000:0016

Time: 8/17/2011 12:09:55 PM Event: Traffic IP Address/User: 224.0.0.22 Message: Blocked Outgoing IGMP - Source 10.1.40.11 Destination 224.0.0.22

Time: 8/17/2011 12:09:56 PM Event: Application IP Address/User: Description: MUI language setting module (SetMUILanguage) Path: C:\PROGRAM FILES (X86)\ALIENRESPAWN\SETMUILANGUAGE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:57 PM Event: Application IP Address/User: Description: VDSLDR.EXE Path: C:\WINDOWS\SYSTEM32\VDSLDR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:57 PM Event: Application IP Address/User: Description: VDS.EXE Path: C:\WINDOWS\SYSTEM32\VDS.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:58 PM Event: Application IP Address/User: Description: Windows host process (Rundll32) (rundll32) Path: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:58 PM Event: Application IP Address/User: Description: Adobe Updater Startup Utility (updaterstartuputility) Path: C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:58 PM Event: Application IP Address/User: Description: ThermalController (ThermalController) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\THERMALCONTROLLER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:58 PM Event: Application IP Address/User: Description: Windows host process (Rundll32) (rundll32) Path: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:58 PM Event: Application IP Address/User: Description: Realtek HD Audio Manager (RAVCpl64) Path: C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:58 PM Event: Application IP Address/User: Description: Alienware AlienFX Controller (AlienwareAlienFXController) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\ALIENWAREALIENFXCONTROLLER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:59 PM Event: Application IP Address/User: Description: ActivIdentity Event Service (acevents) Path: C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACEVENTS.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:09:59 PM Event: Application IP Address/User: Description: ActivIdentity card event handler (accrdsub) Path: C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACCRDSUB.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: IAStorIcon (IAStorIcon) Path: C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: BCDEDIT.EXE Path: C:\WINDOWS\SYSTEM32\BCDEDIT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: ActivClient Agent (acsagent) Path: C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACSAGENT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: BCDEDIT.EXE Path: C:\WINDOWS\SYSTEM32\BCDEDIT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: Windows Desktop Gadgets (sidebar) Path: C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:00 PM Event: Application IP Address/User: Description: Run Once Wrapper (runonce) Path: C:\WINDOWS\SYSWOW64\RUNONCE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:01 PM Event: Application IP Address/User: Description: Bluetooth Tray Application (BTTray) Path: C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:01 PM Event: Application IP Address/User: Description: Catalyst Control Center Launcher (CLIStart) Path: C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:02 PM Event: Application IP Address/User: Description: Catalyst Control Center: Monitoring program (MOM) Path: C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:02 PM Event: Application IP Address/User: Description: WkSvMgr (WkSvMgr) Path: C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WKSVMGR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:02 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:02 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:03 PM Event: Application IP Address/User: Description: PowerDVD RC Service (PDVD9Serv) Path: C:\PROGRAM FILES (X86)\CYBERLINK\POWERDVD9\PDVD9SERV.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:03 PM Event: Application IP Address/User: Description: THXAudio (THXAudio) Path: C:\PROGRAM FILES (X86)\CREATIVE\THX TRUSTUDIO PC\THXAUDIOCP\THXAUDIO.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:03 PM Event: Application IP Address/User: Description: Creative UpdReg (Updreg) Path: C:\WINDOWS\UPDREG.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:06 PM Event: Application IP Address/User: Description: brs (brs) Path: C:\PROGRAM FILES (X86)\CYBERLINK\SHARED FILES\BRS.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:06 PM Event: Application IP Address/User: Description: Visual C# Command Line Compiler (csc) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CSC.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:06 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:06 PM Event: Application IP Address/User: Description: PowerDVD Language Application (Language) Path: C:\PROGRAM FILES (X86)\CYBERLINK\POWERDVD9\LANGUAGE\LANGUAGE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:07 PM Event: Application IP Address/User: Description: RemotingServiceController (RemotingServiceController) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\REMOTINGSERVICECONTROLLER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:07 PM Event: Application IP Address/User: Description: Microsoft Windows Search Indexer (SearchIndexer) Path: C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:07 PM Event: Application IP Address/User: Description: Adobe CS5 Service Manager (CS5ServiceManager) Path: C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\CS5SERVICEMANAGER\CS5SERVICEMANAGER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:08 PM Event: Application IP Address/User: Description: Microsoft Resource File To COFF Object Conversion Utility (cvtres) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CVTRES.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:08 PM Event: Application IP Address/User: Description: ActivIdentity Event Service (acevents) Path: C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACEVENTS.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:09 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:09 PM Event: Application IP Address/User: Description: DoorController (DoorController) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\DOORCONTROLLER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:10 PM Event: Application IP Address/User: Description: Windows Media Player Network Sharing Service Configuration Application (wmpnscfg) Path: C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:10 PM Event: Application IP Address/User: Description: Windows Media Player Network Sharing Service (wmpnetwk) Path: C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:10 PM Event: Application IP Address/User: Description: SwitchBoard Server (32 bit) (SwitchBoard) Path: C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\SWITCHBOARD\SWITCHBOARD.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:10 PM Event: Application IP Address/User: Description: Windows Media Player Network Sharing Service Configuration Application (wmpnscfg) Path: C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:10 PM Event: Application IP Address/User: Description: Bluetooth Stack COM Server (BTStackServer) Path: C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:10 PM Event: Application IP Address/User: Description: Catalyst Control Centre: Host application (CCC) Path: C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:11 PM Event: Application IP Address/User: Description: Adobe Acrobat SpeedLauncher (acrobat_sl) Path: C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 9.0\ACROBAT\ACROBAT_SL.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:11 PM Event: Application IP Address/User: Description: AcroTray (acrotray) Path: C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 9.0\ACROBAT\ACROTRAY.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:12 PM Event: Application IP Address/User: Description: UpdateDriver (UpdateDriver) Path: C:\WINDOWS\SYSWOW64\UPDATEDRIVER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:12 PM Event: Application IP Address/User: Description: CONSENT.EXE Path: C:\WINDOWS\SYSTEM32\CONSENT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:12 PM Event: Application IP Address/User: Description: Adobe Reader and Acrobat Manager (AdobeARM) Path: C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARM.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:12 PM Event: Application IP Address/User: Description: Acrobat Distiller (acrodist) Path: C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 9.0\ACROBAT\ACRODIST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:12 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:14 PM Event: Application IP Address/User: Description: Bluetooth Headset Skype Proxy (BluetoothHeadsetProxy) Path: C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BLUETOOTHHEADSETPROXY.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:15 PM Event: Application IP Address/User: Description: Microsoft(C) Register Server (regsvr32) Path: C:\WINDOWS\SYSTEM32\REGSVR32.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:16 PM Event: Application IP Address/User: Description: UpdateDriver (UpdateDriver) Path: C:\WINDOWS\SYSWOW64\UPDATEDRIVER.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:16 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:16 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:17 PM Event: Application IP Address/User: Description: AutoPrt Path: C:\PROGRAM FILES (X86)\IOGEAR AUTO PRINTER SHARING SWITCH\AUTOPRT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:18 PM Event: Application IP Address/User: Description: Adobe Acrobat SpeedLauncher (reader_sl) Path: C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\READER_SL.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:18 PM Event: Application IP Address/User: Description: Java(TM) Update Scheduler (jusched) Path: C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:19 PM Event: Application IP Address/User: Description: VirusScan tray icon (shstat) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:19 PM Event: Application IP Address/User: Description: PASysTray EXE (PASysTray) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\PASYSTRAY.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:19 PM Event: Application IP Address/User: Description: Common User Interface (UdaterUI) Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\UDATERUI.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:19 PM Event: Application IP Address/User: Description: McAfee HIP Tray Application (FireTray) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\FIRETRAY.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:22 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:22 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:23 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)

Time: 8/17/2011 12:10:24 PM Event: Application IP Address/User: Description: McTray Application (McTray) Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCTRAY.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:25 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:30 PM Event: Application IP Address/User: Description: AlienFXHook64 Manager (AlienFXHook64Mngr) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\ALIENFXHOOK64MNGR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:30 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:30 PM Event: Application IP Address/User: Description: AlienFXHook32 Manager (AlienFXHook32Mngr) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\ALIENFXHOOK32MNGR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:30 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:30 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:30 PM Event: Application IP Address/User: Description: Microsoft Resource File To COFF Object Conversion Utility (cvtres) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CVTRES.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:30 PM Event: Application IP Address/User: Description: Visual C# Command Line Compiler (csc) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CSC.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:32 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:39 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSWOW64\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:43 PM Event: Application IP Address/User: Description: Windows Media Player Network Sharing Service Configuration Application (wmpnscfg) Path: C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:52 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:52 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:54 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:10:58 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:02 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:02 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:12 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:20 PM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-dgm (138) Destination 192.168.10.66 : netbios-dgm (138)

Time: 8/17/2011 12:11:20 PM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-dgm (138) Destination 192.168.10.66 : netbios-dgm (138)

Time: 8/17/2011 12:11:22 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:22 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:32 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:33 PM Event: Application IP Address/User: Description: .NET Runtime Optimization Service (mscorsvw) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MSCORSVW.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:33 PM Event: Application IP Address/User: Description: .NET Runtime Optimization Service (mscorsvw) Path: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\MSCORSVW.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:34 PM Event: Application IP Address/User: Description: IAStorDataSvc (IAStorDataMgrSvc) Path: C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:34 PM Event: Application IP Address/User: Description: AlienFusionController (AlienFusionController) Path: C:\PROGRAM FILES\ALIENWARE\COMMAND CENTER\ALIENFUSIONCONTROLLER.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:34 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:34 PM Event: Application IP Address/User: Description: Google Installer (GoogleCrashHandler) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.65\GOOGLECRASHHANDLER.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:34 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:34 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:35 PM Event: Application IP Address/User: Description: SPPSVC.EXE Path: C:\WINDOWS\SYSTEM32\SPPSVC.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:11:44 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:11:44 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:11:45 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:11:50 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:11:51 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:11:52 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:12:02 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:12:02 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:12:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:12:12 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:12:19 PM Event: Application IP Address/User: Description: Input Personalization Server (InputPersonalization) Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\INPUTPERSONALIZATION.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:12:42 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:12:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:12:52 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:12:52 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:13:22 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:13:22 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:13:23 PM Event: Application IP Address/User: Description: WMI Reverse Performance Adapter Maintenance Utility (WMIADAP) Path: C:\WINDOWS\SYSTEM32\WBEM\WMIADAP.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:13:24 PM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:13:24 PM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:13:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:13:32 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:02 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:02 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:13 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:14:13 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:41 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:41 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:43 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:43 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:43 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:43 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:52 PM Event: Application IP Address/User: Description: SDCLT.EXE Path: C:\WINDOWS\SYSTEM32\SDCLT.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:53 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:53 PM Event: Application IP Address/User: Description: McAfee VirusScan Enterprise WSC Exe (wscavexe) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\WSCAVEXE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:14:53 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:15:18 PM Event: Application IP Address/User: Description: Java(TM) Web Start Launcher (javaws) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAWS.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:15:19 PM Event: Application IP Address/User: Description: Java(TM) Platform SE binary (javaw) Path: C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:15:28 PM Event: Application IP Address/User: Description: Buffer Overflow Protection Rule File Update Utility (entvutil) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:15:29 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:43 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:43 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:44 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:45 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:19:45 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:22:21 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 12:22:52 PM Event: Application IP Address/User: Description: Windows Problem Reporting (wermgr) Path: C:\WINDOWS\SYSTEM32\WERMGR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:22:52 PM Event: Application IP Address/User: Description: Windows host process (Rundll32) (rundll32) Path: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:23:57 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:23:58 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:23:59 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:24:04 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:24:05 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:24:06 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:24:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 12:24:45 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:45 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:46 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:24:48 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:24:48 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:47 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:47 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:48 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:50 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:29:50 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:34:22 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 12:34:49 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:49 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:50 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:50 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:50 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:50 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:51 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:51 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:51 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:51 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:52 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:34:52 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:36:11 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:36:12 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:36:13 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:36:18 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:36:19 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:36:19 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)

Time: 8/17/2011 12:38:09 PM Event: Application IP Address/User: Description: Windows host process (Rundll32) (rundll32) Path: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:38:09 PM Event: Application IP Address/User: Description: LPREMOVE.EXE Path: C:\WINDOWS\SYSTEM32\LPREMOVE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:38:09 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:38:59 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:38:59 PM Event: Application IP Address/User: Description: Task Scheduler Engine (taskeng) Path: C:\WINDOWS\SYSTEM32\TASKENG.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:00 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:14 PM Event: Application IP Address/User: Description: VSSVC.EXE Path: C:\WINDOWS\SYSTEM32\VSSVC.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:14 PM Event: Application IP Address/User: Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:39:14 PM Event: Application IP Address/User: Description: Windows host process (Rundll32) (rundll32) Path: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:14 PM Event: Application IP Address/User: Description: Windows host process (Rundll32) (rundll32) Path: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:39:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 12:39:51 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:51 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:53 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:54 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:39:54 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:53 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:44:53 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:44:55 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:56 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:44:56 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:46:23 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 12:48:25 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:48:25 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:48:26 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:48:31 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:48:32 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:48:33 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 12:49:56 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:56 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:57 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:58 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:49:58 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:54:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 12:54:58 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:54:58 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:54:59 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:55:01 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 12:55:01 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 12:58:25 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:00:00 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:00 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:01 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:03 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:00:03 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:00:38 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:00:39 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:00:40 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:00:43 PM Event: Application IP Address/User: Description: TASKHOST.EXE Path: C:\WINDOWS\SYSTEM32\TASKHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:00:45 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:00:46 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:00:47 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:05:02 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:02 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:04 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:04 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:04 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:04 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:05 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:05 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:05:16 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:16 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:16 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:05:16 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:09:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:09:46 PM Event: Application IP Address/User: Description: Buffer Overflow Protection Rule File Update Utility (entvutil) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:09:47 PM Event: Application IP Address/User: Description: VirusScan On-Demand Scanner (Scan64) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\X64\SCAN64.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:04 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:10:04 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:10:06 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:07 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:10:07 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:10:22 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:12:52 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:12:53 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:12:54 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:12:59 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:13:00 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:13:00 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:15:06 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:06 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:08 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:09 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:15:09 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:09 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:09 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:10 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:20:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:20:12 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:22:23 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:24:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:24:46 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:24:49 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:25:06 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:25:07 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:25:07 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:25:11 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:11 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:12 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:25:13 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:25:13 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:25:14 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:25:14 PM Event: Application IP Address/User: Description: Microsoft Windows Search Protocol Host (SearchProtocolHost) Path: C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:14 PM Event: Application IP Address/User: Description: Microsoft Windows Search Filter Host (SearchFilterHost) Path: C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:14 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:14 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:25:50 PM Event: Application IP Address/User: Description: Internet Explorer (iexplore) Path: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:13 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:13 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:14 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:14 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:14 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:14 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:15 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:15 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:15 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:15 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:16 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:16 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:30:30 PM Event: Application IP Address/User: Description: Ribbons Screen Saver (Ribbons) Path: C:\WINDOWS\SYSTEM32\RIBBONS.SCR Message: Allowed Application Creation

Time: 8/17/2011 1:32:55 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:32:56 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:32:57 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:32:57 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:32:58 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:32:59 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:33:00 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:33:00 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:34:21 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:35:15 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:15 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:16 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:18 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:35:18 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:37:20 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:37:20 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:37:21 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:37:26 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:37:27 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:37:28 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:38:34 PM Event: Application IP Address/User: Description: Ribbons Screen Saver (Ribbons) Path: C:\WINDOWS\SYSTEM32\RIBBONS.SCR Message: Allowed Application Creation
Time: 8/17/2011 1:39:00 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:39:00 PM Event: Application IP Address/User: Description: Google Installer (GoogleCrashHandler) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.65\GOOGLECRASHHANDLER.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:39:00 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:39:00 PM Event: Application IP Address/User: Description: Google Installer (GoogleUpdate) Path: C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\GOOGLEUPDATE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:39:00 PM Event: Application IP Address/User: Description: Task Scheduler Engine (taskeng) Path: C:\WINDOWS\SYSTEM32\TASKENG.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:39:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:40:17 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:17 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:18 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:18 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:18 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:18 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:20 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:20 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:20 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:20 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:21 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:21 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:40:22 PM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:40:23 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:40:24 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:40:24 PM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:40:25 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:40:27 PM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:40:29 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:40:29 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:40:32 PM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:40:34 PM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:40:37 PM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:40:42 PM Event: Traffic IP Address/User: 10.1.40.44 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:40:45 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:40:45 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:40:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:40:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:40:56 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:40:57 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:40:57 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:40:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:41:04 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:41:05 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:41:05 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:41:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:41:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:42:22 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:42:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:38 PM Event: Traffic IP Address/User: 0.0.0.0 Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:42:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:42:42 PM Event: Traffic IP Address/User: 0.0.0.0 Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:42:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:49 PM Event: Traffic IP Address/User: 0.0.0.0 Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:42:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:42:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:43:03 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:43:05 PM Event: Traffic IP Address/User: 0.0.0.0 Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:43:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:43:23 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:43:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:43 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:44 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:45 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:45 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:46 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:43:47 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:48 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:48 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:49 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:50 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:51 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:51 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:43:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:43:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:11 PM Event: Traffic IP Address/User: 10.1.40.62 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.62 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:44:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:44:16 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:16 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:44:17 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:17 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:18 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:18 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:18 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:19 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:19 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:44:20 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:20 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:21 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:26 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:26 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:26 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:44:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:44:28 PM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:44:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:44:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:44:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:19 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:19 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:45:21 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:21 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:21 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:21 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:22 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:22 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:22 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:22 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:45:23 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4783) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:45:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:45:23 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2512) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:45:23 PM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (1199) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:45:23 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:45:23 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:45:25 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:45:26 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:45:27 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:45:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:44 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:45:52 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:45:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:45:52 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:45:54 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:45:56 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:45:56 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:45:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:45:58 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:45:58 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:45:59 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:46:03 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:03 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:04 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:05 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:06 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:06 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:06 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:06 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:46:07 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:07 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:08 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:09 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:09 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:10 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 1:46:11 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:12 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:46:13 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:13 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:14 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:14 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:15 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:15 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:16 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:16 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:16 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:46:18 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:19 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:19 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:19 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:21 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:46:22 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:22 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:23 PM Event: Traffic IP Address/User: 10.1.40.59 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.59 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:23 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:23 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:46:24 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:25 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:26 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:46:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:46:28 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:29 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:46:29 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 1:46:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:46:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:46:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:46:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:46:50 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:50 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:46:53 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:53 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:46:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:47:00 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:47:00 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:47:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:47:15 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:47:15 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:47:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:47:48 PM Event: Traffic IP Address/User: 10.1.40.10 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.10 : (1250) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:47:50 PM Event: Traffic IP Address/User: 10.1.40.11 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : netbios-ns (137) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:47:50 PM Event: Traffic IP Address/User: 10.1.40.11 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.11 : netbios-ns (137) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:47:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:47:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:48:12 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:48:13 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:48:14 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:48:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:48:37 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:48:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:48:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:49:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:49:02 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:49:03 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:49:04 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:49:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:49:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:49:17 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:49:22 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:49:27 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:49:32 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:49:33 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:49:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:49:34 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:49:35 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:49:37 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:49:40 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:49:41 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)

Time: 8/17/2011 1:49:42 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 1:49:42 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:49:47 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:49:52 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:49:57 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:02 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:50:07 PM Event: Traffic IP Address/User: 10.1.40.42 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.42 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:50:07 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:12 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:21 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:21 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:23 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:23 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:23 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:23 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:24 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:24 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:24 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:24 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:25 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:50:25 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:50:27 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:50:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:28 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:50:29 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:50:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:50:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:51:00 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:00 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:01 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:04 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:51:08 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:51:08 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:08 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:08 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)

Time: 8/17/2011 1:51:09 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:09 PM Event: Traffic IP Address/User: 10.1.40.18 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.18 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:10 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:11 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:11 PM Event: Traffic IP Address/User: 10.1.40.26 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.26 : netbios-ns (137) Destination 10.1.40.255 : netbios-ns (137)
Time: 8/17/2011 1:51:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:14 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:51:51 PM Event: Traffic IP Address/User: 10.1.40.63 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.63 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:51:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:51:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:52:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:52:52 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:52:52 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:52:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:52:56 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:52:56 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:52:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:53:05 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:53:05 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)

Time: 8/17/2011 1:53:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:53:21 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:53:21 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:53:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:53:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:53:53 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:53:53 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:53:56 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:53:56 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:53:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:54:04 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:54:04 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:54:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:54:19 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:54:19 PM Event: Traffic IP Address/User: 0.0.0.0 Description: Host Process for Windows Services (svchost) Path: C:\WINDOWS\SYSTEM32\SVCHOST.EXE Message: Blocked Incoming UDP - Source 0.0.0.0 : bootpc (68) Destination 255.255.255.255 : bootps (67)
Time: 8/17/2011 1:54:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:23 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:54:28 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:33 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:54:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 1:54:38 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:43 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:48 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)

Time: 8/17/2011 1:54:51 PM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-ns (137) Destination 192.168.10.66 : netbios-ns (137)
Time: 8/17/2011 1:54:51 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : (2539) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:54:51 PM Event: Traffic IP Address/User: 192.168.10.66 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.66 : netbios-ns (137) Destination 192.168.10.66 : netbios-ns (137)
Time: 8/17/2011 1:54:51 PM Event: Traffic IP Address/User: 10.1.40.45 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.45 : (1307) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:54:51 PM Event: Traffic IP Address/User: 10.1.40.14 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.14 : (4808) Destination 10.1.40.11 : netbios-ns (137)
Time: 8/17/2011 1:54:53 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:54:58 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:55:03 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:55:08 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:55:13 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:55:18 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:55:23 PM Event: Traffic IP Address/User: 10.1.40.23 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 10.1.40.23 : netbios-dgm (138) Destination 10.1.40.255 : netbios-dgm (138)
Time: 8/17/2011 1:55:23 PM Event: Traffic IP Address/User: 10.1.40.44 Message: Blocked Incoming UDP - Source 10.1.40.44 : (61796) Destination 10.1.40.255 : (61117)
Time: 8/17/2011 1:55:24 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:24 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:25 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:25 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 1:55:26 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 1:58:20 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 2:00:26 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:26 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:27 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:29 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:00:29 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:01:47 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:01:48 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:01:49 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:01:54 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:01:55 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)

Time: 8/17/2011 2:01:55 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:03:28 PM Event: Application IP Address/User: Description: TASKHOST.EXE Path: C:\WINDOWS\SYSTEM32\TASKHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:28 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:28 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:29 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:31 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:05:31 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:09:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 2:09:48 PM Event: Application IP Address/User: Description: Buffer Overflow Protection Rule File Update Utility (entvutil) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:09:48 PM Event: Application IP Address/User: Description: VirusScan On-Demand Scanner (Scan64) Path: C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\X64\SCAN64.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:10:23 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 2:10:30 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:30 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:32 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:33 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:10:33 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:14:01 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:14:02 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:14:02 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:14:08 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:14:08 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:14:09 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-ns (137) Destination 192.168.10.71 : netbios-ns (137)
Time: 8/17/2011 2:15:32 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:32 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:34 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:34 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:34 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:34 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:35 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:35 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:42 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:15:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:15:42 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:35 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:35 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:36 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:37 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:20:37 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:22:23 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 2:24:34 PM Event: Traffic IP Address/User: 192.168.10.65 Description: NT Kernel & System (ntoskrnl) Path: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE Message: Blocked Incoming UDP - Source 192.168.10.65 : netbios-dgm (138) Destination 192.168.10.71 : netbios-dgm (138)
Time: 8/17/2011 2:24:55 PM Event: Application IP Address/User: Description: Ribbons Screen Saver (Ribbons) Path: C:\WINDOWS\SYSTEM32\RIBBONS.SCR Message: Allowed Application Creation

Time: 8/17/2011 2:25:37 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:37 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: engineMain EXE (engineMain) Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\ENGINEMAIN.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: fimcli Path: C:\PROGRAM FILES (X86)\MCAFEE\POLICY AUDITOR AGENT\ENGINE\FIMCLI.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: McAfee Windows Security Center library (WinSecCtr) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\WINSECCTR.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:38 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:40 PM Event: Application IP Address/User: Description: AUDIODG.EXE Path: C:\WINDOWS\SYSTEM32\AUDIODG.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:40 PM Event: Application IP Address/User: Description: MCSCRIPT_INUSE.EXE Path: C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\MCSCRIPT_INUSE.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:40 PM Event: Application IP Address/User: Description: CONHOST.EXE Path: C:\WINDOWS\SYSTEM32\CONHOST.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:40 PM Event: Application IP Address/User: Description: McAfee HIP Client User Interface (McAfeeFire) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\MCAFEEFIRE.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:40 PM Event: Application IP Address/User: Description: CONSENT.EXE Path: C:\WINDOWS\SYSTEM32\CONSENT.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:41 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation

Time: 8/17/2011 2:25:41 PM Event: Application IP Address/User: Description: McAfee HIP Client User Interface (McAfeeFire) Path: C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\MCAFEEFIRE.EXE Message: Allowed Application Creation
Time: 8/17/2011 2:25:41 PM Event: Application IP Address/User: Description: COM Surrogate (dllhost) Path: C:\WINDOWS\SYSTEM32\DLLHOST.EXE Message: Allowed Application Creation
