Reset Trojan Sigs to default

Answered Question
Oct 16th, 2007

When I first began to tune the sensor, I went in with the IDM and turned on most of the older trojan definitions just to see if anything was hiding in the network. I have not had any hits on those sigs for a couple of weeks and I would like to set all the trojan sigs back to default (ie back to retired) in one stroke via the CLI. I am running version 5 of the IDS software. Is there an easy way to do this? Thanks.

Correct Answer by didyap about 9 years 4 months ago

There is no single command that can reset all trojan signatures to their default values. Your best option is to re-apply the lastest service pack (not latest signature udpate) to the Sensor. This will reset most of the signatures to their default values.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
didyap Mon, 10/22/2007 - 10:21

There is no single command that can reset all trojan signatures to their default values. Your best option is to re-apply the lastest service pack (not latest signature udpate) to the Sensor. This will reset most of the signatures to their default values.

mhellman Mon, 10/29/2007 - 07:23

It's pretty easy using the IDM, but I don't think you can do it using the CLI without knowing the sig numbers. FWIW, I don't think a service pack is going to do it either.

Actions

This Discussion