In this rule update, the following SIDs in question for the RDP issue have been removed for now, until the rules can be re-tuned.
Workaround by Updating SRU
To install the new SRU, go to the Management Center or the management GUI of your device and open the Updates page.
Once you are on the Updates page, you can install the SRU using the following option:
Step 1: In the Rule section of the Updates page, select Download new Rule from the support site, or manually update the rule package.
Warning: If you select Reapply all policies after the rule update, this will cause a Snort restart in your environment during the deploy, which can cause a short outage because the inspection process restarts.
Step 2: Once the update is complete, you can verify that it is currently running by checking the version in the top left corner.
Step 3: If you chose not to deploy when the download completed, you will have to deploy this change to your devices.
Note that this deploy causes a Snort restart, as with all other updates that change the rules themselves.
Workaround without Updating by Disabling the SIDs
Currently, the best recommendation if you are affected is to disable the SIDs themselves until the rules are released with the upcoming update.
Step 1: Verify which IPS policies are configured
In your Access Control Policy, you can see which IPS policies are configured by following the yellow shield icon that represents the protection.
In some environments, you will see a section labeled "Intrusion Policy used before Access Control rule is determined". This policy will also need to be edited if it is set to anything other than "No Rule Active".
Warning: If you are using the default policies labeled Maximum Detection, Connectivity Over Security, Balanced Security and Connectivity, or Security Over Connectivity, you will need to create a new IPS policy based on them in order to edit individual rule criteria.