Network Protection: Firewall, NAT, QoS, & IPS [Sophos Notification] Advisory: Sophos UTM - Latest IPS pattern update triggering SENSITIVE-DATA Rules

UTM Firewall requires membership for participation - click to join

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Sophos Notification] Advisory: Sophos UTM - Latest IPS pattern update triggering SENSITIVE-DATA Rules

FloSupport over 6 years ago

Hi Community,

Sophos is currently investigating customer reports of SENSITIVE-DATA IPS alerts after the latest IPS pattern update.

Traffic containing sensitive data being sent over plain text SMTP, HTTP, FTP-Data, IMAP, or POP3 may be incorrectly blocked by Intrusion Prevention.

The following reasons can be seen:

SENSITIVE-DATA Credit Card Numbers
SENSITIVE-DATA U.S. Social Security Numbers (with dashes)
SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)
SENSITIVE-DATA U.S. Phone Numbers
SENSITIVE-DATA Email Addresses

This article has been published to provide more information and the available workarounds.

Regards,

This thread was automatically locked due to age.

Parents

FloSupport over 6 years ago
Update 5-30-2019
Sophos has rolled back the IPSBundle to the previous pattern (IPSBundle 9.199). The fixed pattern version is 9-201.
Users should verify that their UTM has updated to this new pattern.

To verify that the UTM has the correct ipsbundle2 version:

rpm -qa | grep ipsbundle2
u2d-ipsbundle2-9-201
Cancel
Vote Up 0 Vote Down

Cancel

Reply

FloSupport over 6 years ago
Update 5-30-2019
Sophos has rolled back the IPSBundle to the previous pattern (IPSBundle 9.199). The fixed pattern version is 9-201.
Users should verify that their UTM has updated to this new pattern.

To verify that the UTM has the correct ipsbundle2 version:

rpm -qa | grep ipsbundle2
u2d-ipsbundle2-9-201
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data