https://community.cisco.com/t5/network-security/ips-signature/m-p/2960740#M43553 <P>As explained here:</P> <P>https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=5081&amp;signatureSubId=0&amp;soft_1</P> <P>...it's when cmd.exe is detected in a URL.</P> <P>There's no good reason why any legitimate web site would invoke cmd.exe thus it is blocked in the default IPS signature set.</P> Mon, 03 Oct 2016 14:09:44 GMT Marvin Rhoads 2016-10-03T14:09:44Z https://community.cisco.com/t5/network-security/ips-signature/m-p/2960739#M43551 <P>We sometimes receive attacks on this signature 'WWW WinNT cmd.exe Access' and are stopped by IPS.</P> <P>Can someone help me understand what exactly&nbsp;is signature?</P> Sun, 10 Mar 2019 13:41:32 GMT https://community.cisco.com/t5/network-security/ips-signature/m-p/2960739#M43551 Reshma Raje 2019-03-10T13:41:32Z https://community.cisco.com/t5/network-security/ips-signature/m-p/2960740#M43553 <P>As explained here:</P> <P>https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=5081&amp;signatureSubId=0&amp;soft_1</P> <P>...it's when cmd.exe is detected in a URL.</P> <P>There's no good reason why any legitimate web site would invoke cmd.exe thus it is blocked in the default IPS signature set.</P> Mon, 03 Oct 2016 14:09:44 GMT https://community.cisco.com/t5/network-security/ips-signature/m-p/2960740#M43553 Marvin Rhoads 2016-10-03T14:09:44Z https://community.cisco.com/t5/network-security/ips-signature/m-p/2960741#M43554 <P>Thank you for your response Marvin.&nbsp;</P> <P>Can you help me further understand, is the URL in such cases an internal URL or external URL.</P> <P>If it's an internal URL, does it mean that there was an external attack on the internal URL.</P> Mon, 17 Oct 2016 09:09:07 GMT https://community.cisco.com/t5/network-security/ips-signature/m-p/2960741#M43554 Reshma Raje 2016-10-17T09:09:07Z