Intrusion Prevention



It indicates an attempt to launch a remote command shell on a Windows machine.
Attackers may inject a very small executable on a Windows machine that can bring up the "cmd" or command prompt of the machine as a remote console. This provides attackers with complete access to the victim system without any authorization or authentication.

Affected Products

Any unprotected Windows system is vulnerable to the attack.


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Monitor the traffic from that network for any suspicious activity.
Use AntiVirus software to scan and clean the system.