1 2 Previous Next 12 Replies Latest reply on Oct 19, 2017 1:33 PM by mjesmer

    Verifying Emergency UDS Signature Behavior Prior to Applying/Deploying

    tony.martinez

      Is there a way to verify the blocking behavior for an emergency UDS signature prior to applying?

       

      Example:

      • We received notification about Emergency UDS KB89776
      • Emergency UDS has been downloaded and ready to upload to the NSM
      • I searched the Mcafee support site and did not find anything for KB89776
      • The following signatures are covered by this Emergency UDS
        • UDS-Malware: Locky Ransomware Activity Detected II
        • UDS-HTTP: Locky Malware Download Detected
        • UDS-HTTP: Embedded DOCM File Detected in PDF
        • UDS-SMTP: Embedded DOCM File Detected in PDF
        • UDS-HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805)
      • Where can I find information regarding what the blocking behavior of these signatures?
        • Attack packets only?
        • Smartblocking?
        • Blocked?

       

      I thought there was usually release notes each UDS release that provided this information but I have not been able to locate.

       

      Thank You

        1 2 Previous Next