cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
178
Views
0
Helpful
1
Replies
smjaggers
Beginner

CSA Rule ID 46 module '<unknown@0x860d3008>'

Hello,

I have been seeing this module kick of rule 46 at multiple clients (the 0x860d3008 memory address is varied). Has anyone successfully figured out a way to investigate what this is, and how to tune it? I know I could create a blanket rule, but I want to see what it is first. The problem is the logs get flooded with the 596 alert, even though it does not block anything, I know that most customers who look at this will stop paying attention. That whole cry wolf thing.

Thanks

1 REPLY 1
tsteger1
Collaborator

Hi Shawn

What version of CSA and what specific rule type and module is this? I'm guessing either Trojan Detection (older) or Kernel Protection rule (newer).

Remember that your Rule 46 may not match someone else's because of different versions, multiple upgrades, etc..

As I recall, it was almost impossible to make an exception for this without knowing the application that triggered it.

Tom

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (50%)

Content for Community-Ad