This indicates an attempt to use the RPC service to get the list of remote machines that have logged in users. This information can be obtained by sending an RPC request.
Risk
Low
Popularity
Medium
Characteristic
Loss of productivity? Have disclosed vulnerability? Can bypass firewall policy? Contain built-in function for other purposes? Can communicate in clear text or via proxy? Can support file transfer? Can be misused? Can tunnel other apps?
Affected Applications
rpc.rusersd
Recommended Actions
If required, the signature can be set to "BLOCK" to block rpc.rusersd requests.