Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 1 of 1

Detect TCP protocol anomalies and session hijacking

Hi Dear community.

I'm now reading on the "Variables" option on ESM

Can someone explain the fallowing ?!

Thank you very much.


Detect TCP protocol anomalies and session hijacking

You can detect and alert on TCP protocol anomalies and check to TCP session hijacking using the Stream5 preprocessor variable.


  1. On the ESM console, click the Policy Editor icon .
  2. In the Rule Types pane, click Variable.
  3. In the rules display pane, click preprocessor, then select STREAM5_TCP_PARAMS.
  4. On the Modify Variable page, add one of the following in the Value field:
    • To detect and alert on TCP protocol anomalies, add detect_anomalies after policy first.

    • To check for TCP session hijacking, add detect_anomalies check_session_hijacking after policy first.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.