Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Signature update S862 that included Signature ID 6043 Microsoft.HTTP.Sys Remote Code Execution was just released. We are seeing a large amount of alerts on this signature with the alerts coming from machines on our network with the traffic heading o...
I am seeing what I believe is false positives on Sig 4689/1 outbound from our network. When I look at the traffic capture from events it does not seem to match inbound traffic events that fire on the same signature. The inbound traffic looks very muc...
In the past week or so I have been unable to view historical events in the event monitoring tab of the IME for times when I was not logged on to the IME interface. I am able to manaully generate the event log from the sensor monitoring area and it do...
Thanks for the update Kevin. I wish the Cisco IPS group would responded more quickly to these type of issues. There can't be many of us still using their IPS, so their team is probably pretty lean.Mike
Same boat here, thousands of alerts all coming from either google or youtube. Will someone from Cisco please check on this and report back? Thank you. Mike
Since the signature was released it has dominated all events. I also believe it is a false positive.Will someone from Cisco please chime in? Thanks. Mike
Sam, See the other post in the list talking about your problem, "host not trusted".I had the same problem and the fix was to upgrade the IPS to 7.1(9)E4 . Mike
