To all,

I have SiteProtector 2.0 running DB server on a Win2000 Server with SQL2000 as the database engine, and Apps server on a separate Win2000 Server. I am seeing a lot of "Registry_autorun_changed" events being recorded by the Apps server. According to the Events Detail, the register entry being touched is "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\cdrom". The Security Information for this event describes how to disable autorun.

My question: why and how would this registry entry get modified when there is no CDROM in the drive? I checked the registry entry it refers to and found that autorun for CDROM has already been disabled. Does anyone know what can be causing this event and how to stop it? Since midnight, I have received over 14,000 of these.

Thanks

Dan Wangler, GCIA, IT Security Administrator
IT Security Response Team, Texas Instruments, Inc.
Spring Creek Bldg 1, C196
6500 Chase Oaks Blvd, MS 8417, Plano, Texas, 75023
Tel #: 214-567-8304; Email: [EMAIL PROTECTED]
