Hi
We get this alert message, but the issue is that when you click on the ref link mentioned almost at the end of this message, it says this alert was triggered due to a vulnerability on one of the user PCs, which does not seem to have an AV installed. But the PC had the antivirus installed and was updated perfectly.
This message keeps on triggering for many PCs in the network even though those PCs have AV installed.
Message meets Alert condition
The following intrusion was observed: .
date=2012-08-26 time=15:11:12 devname=SLRB-TSD-FG-FW1 device_id=FG200B3911605574 log_id=0419016384 type=ips subtype=signature pri=alert severity=high carrier_ep=" N/A" profilegroup=" N/A" profiletype=" N/A" profile=" N/A" src=10.24.12.62 dst=10.24.12.201 src_int=" RE-1" dst_int=" port16" policyid=7 identidx=0 serial=22002232 status=dropped proto=17 service=31337/udp vd=" root" count=1 attack_name=Back.Orifice.Traffic src_port=14767 dst_port=31337 attack_id=293732353 sensor=" IPS_Test" ref=" http://www.fortinet.com/ids/VID293732353" user=" N/A" group=" N/A" incident_serialno=392494845 msg=" back_orifice: Back.Orifice.Traffic, (key: 31337)"
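
Added example, not part of the original post: a small Python parser for the key=value log format shown above, grouping hits for one signature by source, destination, protocol, port and action, so the hosts sending the matching traffic can be listed. The first sample line is abridged from the post; the other two are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# IP protocol numbers as they appear in the proto= field
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}

def parse_line(line):
    """Return a dict of fields from one key=value log line."""
    fields = {}
    for m in PAIR.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        # quoted values in this log carry a leading space (e.g. " N/A"); strip it
        fields[m.group(1)] = quoted.strip() if quoted is not None else bare
    return fields

def summarize(lines, attack_name):
    """Count IPS hits per (src, dst, proto, dst_port, status) for one signature."""
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("type") == "ips" and f.get("attack_name") == attack_name:
            proto = PROTO.get(f["proto"], f["proto"])
            hits[(f["src"], f["dst"], proto, int(f["dst_port"]), f["status"])] += 1
    return hits

SAMPLE = [
    # abridged from the log line in the post
    'date=2012-08-26 time=15:11:12 type=ips subtype=signature severity=high '
    'src=10.24.12.62 dst=10.24.12.201 status=dropped proto=17 service=31337/udp '
    'vd=" root" attack_name=Back.Orifice.Traffic src_port=14767 dst_port=31337 '
    'sensor=" IPS_Test" msg=" back_orifice: Back.Orifice.Traffic, (key: 31337)"',
    # constructed: same source a few minutes later
    'date=2012-08-26 time=15:14:40 type=ips subtype=signature severity=high '
    'src=10.24.12.62 dst=10.24.12.201 status=dropped proto=17 service=31337/udp '
    'vd=" root" attack_name=Back.Orifice.Traffic src_port=14802 dst_port=31337',
    # constructed: a second source host
    'date=2012-08-26 time=15:20:03 type=ips subtype=signature severity=high '
    'src=10.24.12.70 dst=10.24.12.201 status=dropped proto=17 service=31337/udp '
    'vd=" root" attack_name=Back.Orifice.Traffic src_port=20111 dst_port=31337',
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE, "Back.Orifice.Traffic").most_common():
        print(count, key)
```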