11-09-2012 07:42 AM
Hi,
Anyone have experience of this firing off continuously for 'normal' LAN traffic (deffo not being used as an evasion technique) since the signature was modified (v337)?
Cheers
11-10-2012 01:37 AM
It is set for medium severity (https://threatvault.paloaltonetworks.com/Home/ThreatDetail/32332) which would mean that it will be blocked if you use a somewhat sane IPS setup of:
critical: block
high: block
medium: block
low: default
informational: default
What about if you block the traffic in your case - will the clients start to complain? Any specific clients like Win8 or Samba *nix clients or such (to narrow it down)?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
