4 Replies Latest reply on Jun 9, 2011 11:59 PM by thelostworld

    HIP 8 fault IPS detection : Suspicious Double File Extension Execution

      I use HIP 8 and found a fault detection for Suspicious Double File Extension Execution (even though the .exe file does not have a double file extension). This is because the path contains an FQDN, e.g.:

      Time:  11/01/2011 12:10:55
      Event:  Intrusion
      IP Address/User:  abc def
      Description:  wzzip.exe
      Path: \\FIL001.ASIA.MYINTERNAL.COM\VOL2$\IT\WZZIP.EXE

      Message:  Attack type: Suspicious Double File Extension Execution (Sig Id = 413)

      I tried to put the full path as an exception, but HIP 8 still found a fault detection. Any suggestions?
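
The false positive described in the post, reproduced as an added example (not part of the original post, and not the vendor's implementation of Sig Id 413, whose matching logic is not shown on this page): a check that counts dots across the whole path string flags the UNC path from the event, while a check confined to the final file name does not. The function names and extension lists are assumptions, and every sample path other than the one from the event is constructed.

```python
import ntpath

# Illustrative extension lists (assumptions, not taken from any product).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".txt", ".jpg", ".png", ".zip"}


def naive_double_extension(path: str) -> bool:
    """Flawed check: an executable suffix plus two or more dots anywhere in the path."""
    lowered = path.lower()
    return lowered.endswith(tuple(EXECUTABLE_EXTS)) and lowered.count(".") >= 2


def filename_double_extension(path: str) -> bool:
    """Evaluate only the last path component, ignoring server, share and folder names."""
    # ntpath understands UNC prefixes, so \\server.fqdn\share is never mistaken for a file name.
    name = ntpath.basename(path.rstrip("\\/")).lower()
    # Windows drops trailing dots and spaces when it opens a file, so normalise them first.
    name = name.rstrip(". ")
    stem, last_ext = ntpath.splitext(name)
    if last_ext not in EXECUTABLE_EXTS:
        return False
    # Padding spaces between the decoy extension and the real one are a common disguise.
    _, inner_ext = ntpath.splitext(stem.rstrip(" "))
    return inner_ext in DECOY_EXTS


# First entry is the path from the event above; the rest are constructed samples.
SAMPLES = [
    r"\\FIL001.ASIA.MYINTERNAL.COM\VOL2$\IT\WZZIP.EXE",
    r"\\FIL001.ASIA.MYINTERNAL.COM\VOL2$\IT\invoice.pdf.exe",
    r"C:\Users\abc\Downloads\report.doc      .exe",
    r"C:\Tools\setup.v2.exe",
]


def compare(paths):
    """Return (path, naive_result, filename_only_result) for each path."""
    return [(p, naive_double_extension(p), filename_double_extension(p)) for p in paths]


if __name__ == "__main__":
    for path, naive, scoped in compare(SAMPLES):
        print(f"naive={naive!s:5} filename_only={scoped!s:5} {path}")
```
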