10 deprecated signatures:
HIGH | DOS:WINDOWS:WINNUKE-NETBIOS | DOS: WinNuke (netbios) | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
LOW | SCAN:CYBERCOP:FINGER-QUERY | SCAN: Cybercop Finger Query | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
HIGH | IP:SRC-ROUTE-OF | IGMP: Source Route Overflow | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
HIGH | DOS:IP:IGMP-OVERSIZE | DOS: IGMP Oversize | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
HIGH | NETBIOS:DOS:RFPOISON | NETBIOS RFPoision DOS Attack | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
MEDIUM | FINGER:USER:ROOT | FINGER: User "root" | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
MEDIUM | HTTP:STC:CLSID:ACTIVEX:WH32-OF | HTTP: WinHelp32.exe Remote Buffer Overrun | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
MEDIUM | SMB:MS-WIN-2000-LANMAN-UDP-DOS | SMB: Microsoft Windows 2000 Lanman UDP Denial of Service | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
MEDIUM | FINGER:USER:SLASH-FILE | FINGER: / File Query | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
INFO | SCAN:MISC:HTTP:FINGER-PROBE | SCAN: Finger Probe | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
Customers are advised to remove the deprecated signatures from the IDP policy if they are explicitly configured there, other than through dynamic groups.
2 new signatures:
MEDIUM | HTTP:MISC:PARTIAL-GZIP-COMP | HTTP: HTTP Payload Not Fully Gzip Compressed |
MEDIUM | HTTP:STC:SCRIPT:OBFU-VB-SCRIPT | HTTP: Suspicious Obfuscated VBscript detection |
4 updated signatures:
HIGH | HTTP:INSEC-DSERILZN-1 | HTTP: GE MDS PulseNET Spring Remoting HTTPInvoker Insecure Deserialization |
HIGH | HTTP:STC:DL:MS-CVE-2018-8345-CE | HTTP: Microsoft Windows CVE-2018-8345 Remote Code Execution |
HIGH | HTTP:STC:DL:MS-CVE-2018-8406-PE | HTTP: Microsoft Windows CVE-2018-8406 Elevation of Privilege |
MEDIUM | HTTP:MISC:GWT-INFO-DISC | HTTP: CA ARCserve D2D GWT RPC Request Credentials Disclosure |
This signature detects suspicious obfuscated VBScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being accessed by a user. A successful attack allows the Web page creator to take control of the victim's system.
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
This signature detects attempts to exploit an insecure deserialization vulnerability in GE MDS PulseNET and PulseNET Enterprise. Successful exploitation can result in arbitrary code execution in the context of the user running PulseNET.
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
This signature detects an attempt to exploit a known vulnerability in Microsoft Windows. Successful exploitation could allow an attacker to execute arbitrary code in the user's context.
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
This signature detects an attempt to exploit a known vulnerability in Microsoft Windows. Successful exploitation could allow an attacker to run processes in an elevated context.
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
This signature detects an HTTP payload that is not fully gzip compressed.
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
This signature detects attempts to exploit a known vulnerability against CA ARCserve D2D. A successful attack can result in credentials disclosure and thereafter arbitrary code execution.
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1