This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trying to copy Windows 10 ISO across IPS inspection fails

Hi,

If I try to copy the Windows 10 ISO between a PC and a server on different subnets, but where traffic is scanned by the IPS service, it gets dropped and the following is logged:

2015:08:06-13:21:35 aldhamnetfw1 snort[7492]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt" group="110" srcip="192.168.100.143" dstip="192.168.250.102" proto="6" srcport="59588" dstport="445" sid="18500" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

Is this correct?

Cheers,
Steve

This thread was automatically locked due to age.

Parents

0 Coder68 over 10 years ago

I would think this would work:

Make an exception for coming from or going to that subnet. You can always disable the exception once done. (Leave it there for future issues).

See attached image.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Coder68 over 10 years ago

I would think this would work:

Make an exception for coming from or going to that subnet. You can always disable the exception once done. (Leave it there for future issues).

See attached image.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data