SmartDefense spoolss false positive?

When my users use a VPN connection I start getting alarms about a CIFS Worm ID CPAI5201, //spoolss attack from the VPN client to a single print server. It's always the same print server and always from clients that have that printer installed on their systems. The common printers for each client are an HP 9000 and an HP800 series plotter. These alarms stop if I stop the spooler service on the VPN client. I have scanned the computers with Norton AntiVirus using the latest DATs; no viruses or worms found. Is this a false positive, or am I missing something?