This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS warning help

Downsideup over 4 years ago

One of my firewalls reported this error from a user who was VPN's into our network

Any idea what I should do with this warning

BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt

This thread was automatically locked due to age.

FormerMember over 4 years ago

Hi Downsideup,

Thanks for reaching out to the Community!

This alert means the traffic generated by the user matched the known IPS signatures. The recommended action is set to "Drop packets" for SID 38085 and 38086.

Reference screenshot:

You can find more information at Sid 1-43758.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
Downsideup over 4 years ago in reply to FormerMember

Hi Harsh, thanks for the quick response, this client is up to date with patches and Sophos endpoint has not blocked anything, is there anything else I should do on the computer?
Cancel
Vote Up 0 Vote Down

Cancel
FormerMember over 4 years ago in reply to Downsideup

Hi Downsideup,

The Sophos XG firewall already has the protection for this detection with those two SIDs mentioned in my previous reply.

If IPS policies are configured on your firewall rule, then you don't have to worry about this detection. On the computers, ensure that the browser version is updated and not one of the affected versions mentioned in the link.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
BAlfson over 4 years ago

Hi and welcome to the UTM Community!

Your prior posts were in the Web Appliance and XG Firewall Communities. Harsh gave you an answer not for a UTM, but for an XG firewall. Tell us what Sophos product to which this question applies and one of us will move it to the correct forum.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel