Whenadding signer information and saving it within the HIPS Catalogue, I noticedthat what is entered is not reflected after hitting saved. For example:
I enteredthe following info:
CN=MICROSOFTCORPORATION, O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
But when I go back to view the signer info now saved in ePO,it shows as follows:
CN=MICROSOFT CORPORATION, O=MICROSOFT CORPORATION, L=REDMOND, ST=WASHINGTON,C=US
It changes it from S to ST. I canb’t seem to get this to save as it hasbeen entered. Even when I make an exception, or added it as atrusted app froman IPS event it shows it as “S” however as soon as it is saved it shows it as “ST”
My concern is....Will this then not work properly when building rulesbased on signer info since it does not match??
I'm not entirely sure why the S= is changed to ST=, but I tested it with an IE signature-based firewall rule and it still worked fine.
As always...thanks for the help Kary. Very much appreciated.
I tested it as well, and saw no negative effect, however i was not 100%comfortable in with what I was seeing. I just saw it as a possible issue, wellhopefully it does not impact the effects of rules built around Signer Info
I am seeing this same problem.
Currently noted with Microsoft signature that has both variants, both S and ST. It looks fine until after I have saved and applied the policy.
I still have stragglers popping up that show a S. When I view the IPS policy, sure enough, the Signer has been changed and I now have two signatures that reflect ST.
Anyone see anything like this?
CN=MICROSOFT WINDOWS, OU=MOPR, 0=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
Is changed to:
CN=MICROSOFT WINDOWS, OU=MOPR, 0=MICROSOFT CORPORATION, L=REDMOND, ST=WASHINGTON, C=US
Affecting conhost, services & winlogon to name a few.
The strange thing is that it seems to work at first. When tuning, I see the number of signatures firing definitely dropping.
however, I just looked and see I have over a dozen servers firing 400+ signatures in the last 24 hours alone.