topic Help with Microsoft DCE RPC Big Endian Evasion Vulnerability 33510 in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/help-with-microsoft-dce-rpc-big-endian-evasion-vulnerability/m-p/230735#M402 <P>I have Googled this and read up on numerous links, but I cannot find anything of value on this threatID.&nbsp; I have 30-40 events a day from various IP addresses on my network, usually 1 event per IP, sometimes 2 events.&nbsp; I have scanned several of the PC's with 3 different popular scanners, nothing found. I have monitored the traffic from the PCs and nothing is talking to suspicious IP addresses.&nbsp; I cannot find a specific Microsoft patch associated with this vulnerability.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Any thoughts on this? false positive? Is there a MS patch to ensure my systems aren't vulnerable?&nbsp;&nbsp;</P><P>&nbsp;</P><P>Thank you.</P> Thu, 13 Sep 2018 15:42:01 GMT smc007 2018-09-13T15:42:01Z Help with Microsoft DCE RPC Big Endian Evasion Vulnerability 33510 https://live.paloaltonetworks.com/t5/advanced-threat-prevention/help-with-microsoft-dce-rpc-big-endian-evasion-vulnerability/m-p/230735#M402 <P>I have Googled this and read up on numerous links, but I cannot find anything of value on this threatID.&nbsp; I have 30-40 events a day from various IP addresses on my network, usually 1 event per IP, sometimes 2 events.&nbsp; I have scanned several of the PC's with 3 different popular scanners, nothing found. I have monitored the traffic from the PCs and nothing is talking to suspicious IP addresses.&nbsp; I cannot find a specific Microsoft patch associated with this vulnerability.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Any thoughts on this? false positive? Is there a MS patch to ensure my systems aren't vulnerable?&nbsp;&nbsp;</P><P>&nbsp;</P><P>Thank you.</P> Thu, 13 Sep 2018 15:42:01 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/help-with-microsoft-dce-rpc-big-endian-evasion-vulnerability/m-p/230735#M402 smc007 2018-09-13T15:42:01Z Re: Help with Microsoft DCE RPC Big Endian Evasion Vulnerability 33510 https://live.paloaltonetworks.com/t5/advanced-threat-prevention/help-with-microsoft-dce-rpc-big-endian-evasion-vulnerability/m-p/231230#M412 <P>Hello,</P><P>While it could be a false positive, it might not be ( tough to say).&nbsp; I would suggest gathering a pcap and see what is actually going on. PAN support can assist if you need them to. Also make sure the following is installed:</P><P>&nbsp;</P><P><A href="https://www.rapid7.com/db/vulnerabilities/dcerpc-ms-emapper-bof" target="_blank">https://www.rapid7.com/db/vulnerabilities/dcerpc-ms-emapper-bof</A></P><P>&nbsp;</P><P>Also in my experience, I block anything meduium or higher.</P><P>&nbsp;</P><P>Hope that helps.</P> Tue, 18 Sep 2018 14:38:51 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/help-with-microsoft-dce-rpc-big-endian-evasion-vulnerability/m-p/231230#M412 OtakarKlier 2018-09-18T14:38:51Z