Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 3 subscribers
  • Views 3203 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Should we just turn off IPS all together?

stealthmatt_01
Well looks like with this new update 9.103 we are getting a few different IPS rules that are having issues;

New one this morning pulling my head out, clearing internet cache, excluding the site from web filtering, changing internet browser thinking it was IE, changing computers and applying windows and adobe pdf updates.... no luck!

so anyways this was the IPS issue

Rule ID: 20146 FILE-PDF attempted download of a PDF with embedded PICT image Malware

So now an embedded picture image is malware? nice....

Here is the pdf if anyone wants to have look (just make sure your IPS rule is off)

http://goautomedia.cdn.on.net/goautonews/GoAutoNews_686.pdf

.


This thread was automatically locked due to age.
Parents
  • 0
    i don't think it is the file remotely...i can't say for sure if it's a true bug in the ips..as it's not a huge reported issue..it's either your ips or your network has an issue..which rule is alerting?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Reply
  • 0
    i don't think it is the file remotely...i can't say for sure if it's a true bug in the ips..as it's not a huge reported issue..it's either your ips or your network has an issue..which rule is alerting?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Children
No Data
Cookie Information Banner