Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
0
Helpful
3
Replies

Managed switch detected as intrusion

mdeth
Level 1
Level 1

‎03-20-2024 08:36 AM

Hi,

Our antivirus software keeps detecting and blocking "OS detection" intrusions originating from one of our cisco switches.
Does anyone have an idea what could be triggering the intrusion detection? My first thought was that maybe CDP wasn't playing nice with the software but even after disabling it we get the same intrusion detections.

Labels:
0 Helpful
3 Replies 3

Aref Alsouqi
VIP
VIP

‎03-20-2024 09:03 AM

Would you mind sharing the intrusion event for review?

0 Helpful

mdeth
Level 1
Level 1

‎03-20-2024 09:10 AM

This is what we see in our AV dashboard.
mdeth_0-1710950804173.png

We could of course simply enable an exception for the switch IP but since we're not yet sure whether it's a false positive or an actual intrusion attempt we'd rather not at this time.

 

0 Helpful

Aref Alsouqi
VIP
VIP

‎03-20-2024 09:35 AM

Mmm, it does not say much. I would try to look at the documentation to trying to see what values would trigger the OS Detection event and take it from there.

0 Helpful
Customers Also Viewed These Support Documents