12-14-2005 04:09 AM - edited 03-10-2019 01:48 AM
Hello! My IDSM-2 (ver. 5.0.5 with latest signature updates) on Cat6513 (CatOS) doesn't catch the Netsky.aa virus, while my antivirus software does... Why? How can I drop the Netsky.aa activity with IDSM?
Thanks in advance.
12-14-2005 08:47 PM
We do cover Netsky under signatures 3136-0 to 3136-11; however, we do not cover the variant Netsky.aa. If you look at the overall risk rating for TREND for this virus, it is low. We partner with Trend to cover viruses or worms at medium to high severity levels.
Hope that explains things.
12-14-2005 09:57 PM
Thanks for the answer. Low TREND is a very strange reason to pass viruses through. Is it very hard work to add one Netsky.aa signature?
12-15-2005 10:51 PM
We did not decide to pass this vulnerability off due to the difficulty. We decide to write a signature based on the severity of a vulnerability; hence we only cover medium to high severity.
12-20-2005 12:58 AM
Ok, ok... And what about these:
Email-Worm.Win32.NetSky.q
Email-Worm.Win32.Sober.y
Email-Worm.Win32.Bagle.dx
Email-Worm.Win32.NetSky.b
Email-Worm.Win32.Doombot.b
Net-Worm.Win32.Mytob.q
Net-Worm.Win32.Mytob.c
Net-Worm.Win32.Bobic.k
Email-Worm.Win32.Bagle.gen
Email-Worm.Win32.Bagle.bw
Do you plan to add all virus signatures to the IDS?
Also, do you plan to release an anti-spam filter for IDSM-2?
Kind regards.
12-20-2005 07:15 AM
Seeing as we partner with TrendMicro for virus and malware, we also happen to use their naming convention. I was able to cross-reference some of the list you submitted; coverage is as noted below.
That said, the IDS/IPS is a network intrusion sensor, not an antivirus solution. We provide coverage for viruses/worms/malware that are fast breaking and pose significant risk to the end customer, but we do not cover every threat out there. For viruses/worms/malware that are elevated to a High severity on TrendMicro's site, you'll see a signature on the IDS platform for it.
To my knowledge, there are no plans to incorporate anti-spam filtering on the IDS/IPS platforms at this time. Frankly, it doesn't make much sense to me to have your IDS filter for spam, but that's just my opinion.
Email-Worm.Win32.NetSky.q
3136-5 Netsky.Q pif
Email-Worm.Win32.Sober.y
Is known as WORM_SOBER.AG to TrendMicro and is covered by signature 3137-6
Email-Worm.Win32.Bagle.dx
Is known as WORM_BAGLE.BM to TrendMicro, rated as low, no signature.
Email-Worm.Win32.NetSky.b
We do not cover the B variant, but do cover the following: c, d, e, k, j, p, q, s, x, y, ab, z
Did a quick search on Trend's site, but didn't find a match to these:
Email-Worm.Win32.Doombot.b
Net-Worm.Win32.Mytob.q
Net-Worm.Win32.Mytob.c
Net-Worm.Win32.Bobic.k
Email-Worm.Win32.Bagle.gen
Email-Worm.Win32.Bagle.bw