Hello everybody,
maybe I'm to dump to see it but I've got a problem with the IPS.
The Livelog shows me the following warning:
2011:06:09-08:32:07 RZ1FWL001 snort[15214]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt" group="320" srcip="138.190.35.25" dstip="192.168.5.2" proto="6" srcport="80" dstport="55178" sid="18196" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
So I said to myself: Hmm, make an exception for this IP that it is not dropt silently.
The rule I've made for this exception as shown in the attached file.
But the exception is not working anyhow... I still got the IP blocked and I don't know why! Can somebody explain it to me or show me a way to get this exception working!?
Thanks,
Imogen
This thread was automatically locked due to age.
