Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 2 subscribers
  • Views 5914 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS false positive alert: blocks Symantec AV defs.

Scott_Klassen
Rule ID 17297 SPECIFIC-THREATS McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt.
 
This blocks Symantec Endpoint Protection Manager from retreiving updated definitions through Live Update for disseminating to client systems. This is a new rule delivered on Wednesday in u2d-ips-7-193.i686.rpm. I would venture a guess that this is a new "bad" rule.  If you use Symantec Endpoint Protection, you'll want to disable this rule.


This thread was automatically locked due to age.
Parents
  • 0
    On the 'Advanced' tab of 'Intrusion Prevent', you can set the rule to "Alert; Notify on".

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    On the 'Advanced' tab of 'Intrusion Prevent', you can set the rule to "Alert; Notify on".

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Cookie Information Banner