This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS: many false positives :-(

Hello there,

we're using an ha-constellation with 2 v7.501 appliances.
I register many - maybe - false positives on regular traffic scheme (445, microsoft shares). i get notifications like "BACKDOOR srat 1.6 runtime detection" and so on, but i never get an mail from our antivirus-solution (TrendMicro) over the last year.

anyone with this problem?

This thread was automatically locked due to age.

0 UrsWeiss over 15 years ago

That's normal.

IPS on Astaro needs some work and often gives false positives on bigger environments.
At the beginning, you should set the rules to warning (not block) and check each warning if it is something that should not be blocked. If so, you have to add the rule ID to the exclusion list.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 15 years ago in reply to UrsWeiss

THat's the norm for IPS systems; they must be tuned for each individual environment they are installed in; proper network exceptoins, host exception, some rules will need to be set to alert only, some disabled, etc. IPS systems definitely require skilled management in SMB and Enterprise environments, my company, for example, does this sort of work under contract for many of our Astaro customers.

Whity's Idea is a good one if you are DIY; for us, we have a set of rules and standard settings that we know will work in certain environments, but even with that, tuning is still required.
Cancel
Vote Up 0 Vote Down

Cancel