Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1520 Views 8 Replies Latest reply: Mar 16, 2012 12:59 PM by Travler RSS
Travler The Place at McAfee Member 255 posts since
Mar 28, 2008
Currently Being Moderated

Mar 5, 2012 1:06 PM

False positive...?

Anyone else experience the following?

 

After our sensor received the 7.5.8.9 signature file in the early morning hours of March 2nd, we started getting tons of email alerts for the following:

 

HTTP: IE CreateTextRange Code Execution Vulnerability

 

These "attacks" were from a few hundred different IPs mostly to our Web Gateway.  (A few were from our Web Gateway to our Firewall.)

 

Today, I reverted our sensor to the 7.5.7.7 signature file and the alerts immediately stopped and I haven't received a single one since.

 

Any thoughts?


ePO 4.6.6 (Build: 176)
MA 4.8.0.1500

VSE 8.8.0.975, 5400 Engine (2600+ systems)
EE Agent 7.0.3.413
EEPC 7.0.3.413
Intrushield 5.1.17.7
I-2700 Sensor 5.1.5.217

MWG 7.3.2.8.0 (17286)
MWR 5.2 (Build: 1086)
MFE 8.3.2 Patch2
  • ottawa_tech_31 Apprentice 91 posts since
    Feb 6, 2010
    Currently Being Moderated
    1. Mar 5, 2012 2:22 PM (in response to Travler)
    Re: False positive...?

    Same issue here...

  • rangerlj Apprentice 71 posts since
    Jan 3, 2010
    Currently Being Moderated
    2. Mar 5, 2012 7:09 PM (in response to Travler)
    Re: False positive...?

    How to revert sensor to original sin version?

  • rangerlj Apprentice 71 posts since
    Jan 3, 2010
    Currently Being Moderated
    4. Mar 7, 2012 6:56 PM (in response to Travler)
    Re: False positive...?

    Thanks a lot! My friend!

  • daloy McAfee Employee 56 posts since
    Sep 17, 2010
    Currently Being Moderated
    6. Mar 16, 2012 11:22 AM (in response to Travler)
    Re: False positive...?

    This (and other) false positives are corrected on the latest sigset 7.5.9.6.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points