https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438580#M94991 <HTML><HEAD></HEAD><BODY><P>We do cover Netsky under signatures 3136-0 to 3136-11 however we do not cover the variant Netsky.aa. If you look at the overall risk rating for TREND for this virus it is low. We partner with trend to cover virus or worms at medium to high severity levels.</P><P></P><P>Hope that explains things.</P></BODY></HTML> Thu, 15 Dec 2005 04:47:29 GMT jlimbo 2005-12-15T04:47:29Z https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438579#M94989 <P>Hello! My IDSM-2 (ver. 5.0.5 with latest signature updates) on Cat6513 (CatOS) doesn't catch Netsky.aa virus, while my antivirus software does... Why? How I can drop the Netsky.aa activity with IDSM?</P><P>Thanks in advance.</P> Sun, 10 Mar 2019 09:48:11 GMT https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438579#M94989 minbank-cco 2019-03-10T09:48:11Z https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438580#M94991 <HTML><HEAD></HEAD><BODY><P>We do cover Netsky under signatures 3136-0 to 3136-11 however we do not cover the variant Netsky.aa. If you look at the overall risk rating for TREND for this virus it is low. We partner with trend to cover virus or worms at medium to high severity levels.</P><P></P><P>Hope that explains things.</P></BODY></HTML> Thu, 15 Dec 2005 04:47:29 GMT https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438580#M94991 jlimbo 2005-12-15T04:47:29Z https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438581#M94993 <HTML><HEAD></HEAD><BODY><P>Thanks for answer. Low TREND is very strange reason to pass viruses through. Is it a very hard work to add one Netsky.aa signature? </P></BODY></HTML> Thu, 15 Dec 2005 05:57:47 GMT https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438581#M94993 minbank-cco 2005-12-15T05:57:47Z https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438582#M94994 <HTML><HEAD></HEAD><BODY><P>We did not decide to pass this vulnerability off due to the difficulty. We decide to write a signature based on the severity of a vulnerability hence we only cover medium to high severity. </P></BODY></HTML> Fri, 16 Dec 2005 06:51:55 GMT https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438582#M94994 jlimbo 2005-12-16T06:51:55Z https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438583#M94995 <HTML><HEAD></HEAD><BODY><P>Ok,ok... And what about these:</P><P></P><P>Email-Worm.Win32.NetSky.q</P><P>Email-Worm.Win32.Sober.y </P><P>Email-Worm.Win32.Bagle.dx </P><P>Email-Worm.Win32.NetSky.b</P><P>Email-Worm.Win32.Doombot.b </P><P>Net-Worm.Win32.Mytob.q </P><P>Net-Worm.Win32.Mytob.c </P><P>Net-Worm.Win32.Bobic.k </P><P>Email-Worm.Win32.Bagle.gen </P><P>Email-Worm.Win32.Bagle.bw</P><P></P><P>Do you plan to add all vir signatures to IDS?</P><P>Also, do you plan to release anti-spam filter for IDSM-2?</P><P></P><P>Kind regards. </P></BODY></HTML> Tue, 20 Dec 2005 08:58:07 GMT https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438583#M94995 minbank-cco 2005-12-20T08:58:07Z https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438584#M94996 <HTML><HEAD></HEAD><BODY><P>Seeing as we partner with TrendMicro for virus and malware, we also happen to use their naming convention. I was able to cross reference some of the list you submitted, coverage as noted below.</P><P></P><P>That said, the IDS/IPS is a network intrusion sensor, not an antivirus solution. We provide coverage for viris/worms/malware that are fast breaking and pose significant risk to the end customer, but we do not cover every threat out there. For virus/worms/malware that are elevated to a High severity on TrendMicro's site, you'll see a signature on the IDS platform for it.</P><P></P><P>To my knowledge, there are no plans to incorporate anti-spam filtering on the IDS/IPS platforms at this time. Frankly, it doesn't make much sense to me to have your IDS filter for spam, but that's just my opinion.</P><P></P><P>Email-Worm.Win32.NetSky.q</P><P>3136-5 Netsky.Q pif</P><P></P><P>Email-Worm.Win32.Sober.y </P><P>Is known as WORM_SOBER.AG to TrendMicro and is covered by signature 3137-6</P><P></P><P>Email-Worm.Win32.Bagle.dx </P><P>Is known as WORM_BAGLE.BM to TrendMicro, rated as low, no signature.</P><P></P><P>Email-Worm.Win32.NetSky.b</P><P>We don not cover the B variant, but do cover the following: c,d,e,k,j,p,q,s,x,y,ab,z</P><P></P><P>Did a quick search on Trend's site, but didn't find a match to these:</P><P>Email-Worm.Win32.Doombot.b</P><P>Net-Worm.Win32.Mytob.q </P><P>Net-Worm.Win32.Mytob.c </P><P>Net-Worm.Win32.Bobic.k </P><P>Email-Worm.Win32.Bagle.gen </P><P>Email-Worm.Win32.Bagle.bw</P></BODY></HTML> Tue, 20 Dec 2005 15:15:19 GMT https://community.cisco.com/t5/network-security/idsm-2-vs-netsky-aa/m-p/438584#M94996 wsulym 2005-12-20T15:15:19Z