Intrusion Prevention



It indicates detection of scanning activity from the Walksam tool for administrative account information.
A remote attacker can use Walksam to dump the user information found within the SAM database via Named Pipes or using the additional protocol sequences of Windows 2000.

Affected Products

Any unprotected Windows NT or 2000 is vulnerable to the attack.


Information leak may assist future attacks.

Recommended Actions

You can enable this signature to block it.