Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 1 of 1

Detect TCP protocol anomalies and session hijacking

Hi Dear community.

I'm now reading on the "Variables" option on ESM

Can someone explain the fallowing ?!

Thank you very much.


Detect TCP protocol anomalies and session hijacking

You can detect and alert on TCP protocol anomalies and check to TCP session hijacking using the Stream5 preprocessor variable.


  1. On the ESM console, click the Policy Editor icon .
  2. In the Rule Types pane, click Variable.
  3. In the rules display pane, click preprocessor, then select STREAM5_TCP_PARAMS.
  4. On the Modify Variable page, add one of the following in the Value field:
    • To detect and alert on TCP protocol anomalies, add detect_anomalies after policy first.

    • To check for TCP session hijacking, add detect_anomalies check_session_hijacking after policy first.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community