I'll update the documentation shortly. This signature is also a component of the following META signatures: 5556-4, 6279-0, 6297-0, 6298-0, 6403-0, 6408-0, 6409-0, 6410-0, 6524-0, 6534-0, 6535-0, 6536-0, 6544-0, 6794-0, 6795-0, 6930-0, 6940-0, 6942-0...
We believe we've identified an engine issue that affects signatures 5588-0,1 and 6769-0. It looks like the easiest workaround is to just add the parameter smb command: 37 to the signatures. Due to the nature of the issue, detection should not be affe...
We've identified a false positive for signature 3337-0 in S303. As a workaround for signature 3337-0, apply the following tuning to the signature:
    specify-operation: yes
    operation: 0
At present we are building S304, which addresses this issue.
In this case I think I would write a return web signature so that we detect malicious incoming web pages (instead of ones that have been clicked). I would consider something along the following lines:
    String.tcp
    From servicePort: #WEBPORTS
    Summary Mode: ...