Just a heads up note so folks aren't too surprised if they find an updated content file showing up in the repository for VSE.
In "Help" | "About" we describe it as the "Buffer Overflow and Access Protection DAT Version", which is currently version 647 for VSE 8.8. We can expect to see a newer version next week. (Exact date isn't clear)
All this means is clients will retrieve it and adopt it, as part of the usual DAT update process.
The change in the content file we're trying to push out to the field, is an update to some default rules so that they include an exclusion for the newer Tomcat7.exe process that ePO 5.x is now using.
Without the exclusion in place some AP rules get triggered.
If you're seeing those violations already, yes, you can just add the exclusion for the Tomcat process yourself to the appropriate rule(s) - that's a viable solution - but we felt we can/should do that too by updating the content file.
Sounds harmless? It's supposed to .
I appreciate the heads up. Until the new BOF rules are released, could you provide a list of the 'AP rules' that you suggest need updating?
Looks like it's only the one rule needing the change... the "Prevent mass mailing worms from sending mail" rule.
Version 647 tries to use some new logic to find the install path to the Tomcat5.exe or Tomcat7.exe, and that logic may fail for some systems (a variable we're using may not expand to the correct/expected string).
If it were failing for you, you'd notice it - because the AP rule would be getting violated.
But adding the process name as an exclusion will solve it, as would waiting for the new content file to be released.