https://community.cisco.com/t5/network-security/dce2-event-smb-bad-next-command-offset/m-p/4726145#M1095250 <P>Hello,</P><P>Does anyone know if this is still considered a bug in 7.0 within the FMC? I'm seeing a lot of these events being triggered from folks copying to and from our share drive. I'm not sure if whitelisting is the best way to go or if there's another route to take. Thanks in advance for any feedback.</P><P>&nbsp;</P> Tue, 22 Nov 2022 21:13:01 GMT dcanady55 2022-11-22T21:13:01Z https://community.cisco.com/t5/network-security/dce2-event-smb-bad-next-command-offset/m-p/4726145#M1095250 <P>Hello,</P><P>Does anyone know if this is still considered a bug in 7.0 within the FMC? I'm seeing a lot of these events being triggered from folks copying to and from our share drive. I'm not sure if whitelisting is the best way to go or if there's another route to take. Thanks in advance for any feedback.</P><P>&nbsp;</P> Tue, 22 Nov 2022 21:13:01 GMT https://community.cisco.com/t5/network-security/dce2-event-smb-bad-next-command-offset/m-p/4726145#M1095250 dcanady55 2022-11-22T21:13:01Z https://community.cisco.com/t5/network-security/dce2-event-smb-bad-next-command-offset/m-p/4726355#M1095261 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/333484">@dcanady55</a>,</P> <P>I'm not aware of any bug regarding this specific signature. There was a bug CSCvp54541 about missing signature, but that was very long time ago. It really depends what SMB server are you using, and how does it work in general. You can see more details about specific IPS rule <A href="https://snort.org/rule_docs/133-59" target="_self">here</A>.</P> <P>If you are confident that this is regular traffic, then you can suppress this one.</P> <P>Kind regards,</P> <P>Milos</P> Wed, 23 Nov 2022 06:49:37 GMT https://community.cisco.com/t5/network-security/dce2-event-smb-bad-next-command-offset/m-p/4726355#M1095261 Milos_Jovanovic 2022-11-23T06:49:37Z