https://community.cisco.com/t5/network-security/3340-0-false-positives/m-p/575295#M92677 <P>This signature triggers on =shell: anywhere in the tcp stream.</P><P></P><P>Isn't there a way to tighten this up? If fires even when I got to the Cisco MySDN page for this signature (because it has the word =shell: in the html returned).</P> Sun, 10 Mar 2019 10:09:32 GMT mhellman 2019-03-10T10:09:32Z https://community.cisco.com/t5/network-security/3340-0-false-positives/m-p/575295#M92677 <P>This signature triggers on =shell: anywhere in the tcp stream.</P><P></P><P>Isn't there a way to tighten this up? If fires even when I got to the Cisco MySDN page for this signature (because it has the word =shell: in the html returned).</P> Sun, 10 Mar 2019 10:09:32 GMT https://community.cisco.com/t5/network-security/3340-0-false-positives/m-p/575295#M92677 mhellman 2019-03-10T10:09:32Z https://community.cisco.com/t5/network-security/3340-0-false-positives/m-p/575296#M92678 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks for bringing this to our attention, we will have a closer look at this signature to see where it can be improved. </P><P></P><P>Is it the mainpage of MySDN that causes the FP? If it is something more specific, would you be able to provide the URL please?</P><P></P><P>Thanks,</P><P>Jonathan</P></BODY></HTML> Thu, 10 Aug 2006 00:49:09 GMT https://community.cisco.com/t5/network-security/3340-0-false-positives/m-p/575296#M92678 jlimbo 2006-08-10T00:49:09Z https://community.cisco.com/t5/network-security/3340-0-false-positives/m-p/575297#M92679 <HTML><HEAD></HEAD><BODY><P>I believe it triggered on this URL:</P><P></P><P><A class="jive-link-custom" href="http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3340&amp;signatureSubId=0" target="_blank">http://tools.cisco.com/MySDN/Intelligence/viewSignature.x?signatureId=3340&amp;signatureSubId=0</A></P></BODY></HTML> Thu, 10 Aug 2006 01:22:05 GMT https://community.cisco.com/t5/network-security/3340-0-false-positives/m-p/575297#M92679 mhellman 2006-08-10T01:22:05Z