Intrusion Prevention



This indicates the detection of attacks using Metasploit psexec module, which uses a valid administrator username and password to upload arbitrary executable and create a new service using it.

Affected Products

Any Windows system


System Compromise: Remote attackers can execute arbitrary code within the context of the application.

Recommended Actions

The signature's action can be set to "Block" to prevent this attack.