TCC_2

Core issue

A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.

Resolution

To prevent zero-day exploits, these rules can be configured on CS-MARS:

  • System Rule: Client Exploit - Mass Mailing Worm

  • System Rule: Network Activity: Excessive Denies - Host Compromise Likely

  • System Rule: Worm Propagation - Attempt

  • System Rule: Sudden Traffic Increase To Port

  • System Rule: Modify Host: Registry

  • System Rule: Modify Host: Security

Refer to System Rules and Reports for more information.
