IPS - File identification and false positives
Hi,
we move medical files (e.g.: dcm files - CT slices) between VLANs. In many cases, the operation is interrupted and the USG500 log shows that the IPS module has detected the following threats:
Microsoft Office BMP Header biClrUsed Integer Overflow
HP Data Protector CRS Multiple Stack Buffer-Overflows
The log does not show exactly which file had a problem (there are thousands of them).
I have two questions:
How can I find the suspicious file?
I think these are false positives, how can this be corrected?
Thanks!
All Replies
-
Hi @nubira
Thank you for contacting us.
Could you please provide the following information to us via private message?
(1) What is your current firmware version and IPS signature version?
(2) Please assist in reproducing this symptom, collect the packet file, and take a screenshot of the Monitor Log for us.
(3) If these two IPS profiles (Microsoft Office BMP Header biClrUsed Integer Overflow and HP Data Protector CRS Multiple Stack Buffer-Overflows) are affecting your service, please deactivate them temporarily.0
Categories
- All Categories
- 398 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 83 Nebula Status and Incidents
- 5.2K Security
- 98 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 922 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 212 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 975 Nebula FAQ
- 426 Security FAQ
- 238 Switch FAQ
- 212 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight