Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
999
Views
0
Helpful
1
Replies

DCE2_EVENT__SMB_BAD_NEXT_COMMAND_OFFSET

Go to solution
dcanady55
Level 1
Level 1

‎11-22-2022 01:13 PM

Hello,

Does anyone know if this is still considered a bug in 7.0 within the FMC? I'm seeing a lot of these events being triggered from folks copying to and from our share drive. I'm not sure if whitelisting is the best way to go or if there's another route to take. Thanks in advance for any feedback.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-22-2022 10:49 PM

Hi @dcanady55,

I'm not aware of any bug regarding this specific signature. There was a bug CSCvp54541 about missing signature, but that was very long time ago. It really depends what SMB server are you using, and how does it work in general. You can see more details about specific IPS rule here.

If you are confident that this is regular traffic, then you can suppress this one.

Kind regards,

Milos

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-22-2022 10:49 PM

Hi @dcanady55,

I'm not aware of any bug regarding this specific signature. There was a bug CSCvp54541 about missing signature, but that was very long time ago. It really depends what SMB server are you using, and how does it work in general. You can see more details about specific IPS rule here.

If you are confident that this is regular traffic, then you can suppress this one.

Kind regards,

Milos

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card