Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
1
Replies

S218 Signature Update - FTP Sig 3150.1 Tuning

DFiore
Level 1
Level 1

‎03-06-2006 12:42 PM - edited ‎03-10-2019 01:55 AM

Hello All,

I'm running IDS 4.1.5 with signature S218 on my 4235 sensor. Ever since I've updated the device and event-viewer for S218, I have false positives (for my environment) with sig ID 3150.1 "FTP Remote Command Execution". My servers anti-virus software uses ftp every half hour to download new av sigs. Every 1/2 hour the IDS fires off an alert for sig-id 3150.1 alerting that an FTP session occured. My Question- Can I tune the sig not to fire based on paramaters? Such as ip add of my av server? Please let me know what you think... Remember, I only have access to the cmd line on the device. We don't use any mgmt s/w other than the Cisco Event Viewer running on the IDS mgmt computer.

Sincerely,

David

Labels:
0 Helpful
1 Reply 1

wsulym
Cisco Employee
Cisco Employee

‎03-06-2006 02:49 PM

There was a false positive identified with that signature in s218. S219 will contain a modified signature to address this. S219 is in the final stages of testing and should be out on CCO later today, possibly tomorrow morning.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card