Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 794 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS warning help

Downsideup

Hi

One of my firewalls reported this error from a user who was VPN's into our network

Any idea what I should do with this warning

BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt



This thread was automatically locked due to age.
Parents
  • FormerMember
    FormerMember

    Hi ,

    Thanks for reaching out to the Community! 

    This alert means the traffic generated by the user matched the known IPS signatures. The recommended action is set to "Drop packets" for SID 38085 and 38086. 

    Reference screenshot: 

    You can find more information at Sid 1-43758.

    Thanks,

Reply
  • FormerMember
    FormerMember

    Hi ,

    Thanks for reaching out to the Community! 

    This alert means the traffic generated by the user matched the known IPS signatures. The recommended action is set to "Drop packets" for SID 38085 and 38086. 

    Reference screenshot: 

    You can find more information at Sid 1-43758.

    Thanks,

Children
  • in reply to FormerMember

    Hi Harsh, thanks for the quick response, this client is up to date with patches and Sophos endpoint has not blocked anything, is there anything else I should do on the computer?

  • FormerMember
    FormerMember in reply to Downsideup

    Hi ,

    The Sophos XG firewall already has the protection for this detection with those two SIDs mentioned in my previous reply. 

    If IPS policies are configured on your firewall rule, then you don't have to worry about this detection. On the computers, ensure that the browser version is updated and not one of the affected versions mentioned in the link. 

    Thanks,

Unfiltered HTML