Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
777
Views
0
Helpful
2
Replies

IPS Signature

Reshma Raje
Level 1
Level 1

‎10-03-2016 03:54 AM - edited ‎03-10-2019 06:41 AM

We sometimes receive attacks on this signature 'WWW WinNT cmd.exe Access' and are stopped by IPS.

Can someone help me understand what exactly is signature?

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-03-2016 07:09 AM

As explained here:

https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=5081&signatureSubId=0&soft_1

...it's when cmd.exe is detected in a URL.

There's no good reason why any legitimate web site would invoke cmd.exe thus it is blocked in the default IPS signature set.

0 Helpful

Reshma Raje
Level 1
Level 1
In response to Marvin Rhoads

‎10-17-2016 02:09 AM

Thank you for your response Marvin. 

Can you help me further understand, is the URL in such cases an internal URL or external URL.

If it's an internal URL, does it mean that there was an external attack on the internal URL.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card