I'm not entirely sure why the S= is changed to ST=, but I tested it with an IE signature-based firewall rule and it still worked fine.
As always...thanks for the help Kary. Very much appreciated.
I tested it as well and saw no negative effect; however, I was not 100% comfortable with what I was seeing. I just saw it as a possible issue. Well, hopefully it does not impact the effects of rules built around Signer Info.
I am seeing this same problem.
Currently noted with a Microsoft signature that has both variants, both S and ST. It looks fine until after I have saved and applied the policy.
I still have stragglers popping up that show an S. When I view the IPS policy, sure enough, the Signer has been changed and I now have two signatures that reflect ST.
Anyone see anything like this?
CN=MICROSOFT WINDOWS, OU=MOPR, 0=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
Is changed to:
CN=MICROSOFT WINDOWS, OU=MOPR, 0=MICROSOFT CORPORATION, L=REDMOND, ST=WASHINGTON, C=US
Affecting conhost, services & winlogon to name a few.
The strange thing is that it seems to work at first. When tuning, I see the number of signatures firing definitely dropping.
However, I just looked and see I have over a dozen servers firing 400+ signatures in the last 24 hours alone.
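Added example, not part of any post in this thread and not product code: `ST` is the RFC 4514 short name for stateOrProvinceName and `S` is the abbreviation Windows tools display for the same attribute, so the two signer strings above name the same certificate subject. The sketch below assumes you can export rule signers and event signers as plain strings (the function names and sample data are hypothetical) and flags events whose signer differs from a saved rule only by that abbreviation.

```python
import re

# S is the abbreviation Windows tools display for stateOrProvinceName;
# ST is the RFC 4514 short name for the same attribute.
ALIASES = {"S": "ST"}

def parse_dn(dn):
    """Split a signer string into (TYPE, VALUE) pairs, honouring backslash-escaped commas."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {part!r}")
        key = key.strip().upper()
        pairs.append((ALIASES.get(key, key), " ".join(value.split()).upper()))
    return tuple(pairs)

def classify(rule_signer, event_signer):
    """Return 'exact', 'alias-only' or 'different' for a rule/event signer pair."""
    if rule_signer.strip() == event_signer.strip():
        return "exact"
    if parse_dn(rule_signer) == parse_dn(event_signer):
        return "alias-only"
    return "different"

def stragglers(rule_signers, events):
    """List (process, signer) events whose signer matches a rule only after S/ST folding."""
    hits = []
    for process, signer in events:
        results = {classify(rule, signer) for rule in rule_signers}
        if "exact" not in results and "alias-only" in results:
            hits.append((process, signer))
    return hits

# Constructed sample data built from the two signer strings quoted in the thread.
RULE_SIGNERS = ["CN=MICROSOFT WINDOWS, OU=MOPR, 0=MICROSOFT CORPORATION, L=REDMOND, ST=WASHINGTON, C=US"]
EVENTS = [
    ("conhost.exe", "CN=MICROSOFT WINDOWS, OU=MOPR, 0=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
    ("winlogon.exe", "CN=MICROSOFT WINDOWS, OU=MOPR, 0=MICROSOFT CORPORATION, L=REDMOND, ST=WASHINGTON, C=US"),
    ("other.exe", "CN=EXAMPLE SIGNER, O=EXAMPLE CORP, L=REDMOND, S=WASHINGTON, C=US"),
]

if __name__ == "__main__":
    for process, signer in stragglers(RULE_SIGNERS, EVENTS):
        print(f"{process}: signer differs from the saved rule only by S= vs ST=")
```

Events reported here are candidates for the stragglers described above; whether the product itself compares signer strings literally is an assumption to confirm with the vendor.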