11-29-2007 04:12 AM - edited 03-10-2019 03:53 AM
Below is my show version from my 4215. It shows a virus update with v1.2. I have upgraded the signatures but could not find any virus update file on Cisco Site.
Please let me know what this virus update is and how it can be updated to the latest version.
Application Partition:
Cisco Intrusion Prevention System, Version 5.1(5)E1
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S309 2007-11-20
Virus Update V1.2 2005-11-24
OS Version: 2.4.26-IDS-smp-bigphys
Platform: IDS-4215
Serial Number: 88811041405
Licensed, expires: 31-Dec-2008 UTC
Sensor up-time is 117 days.
Using 357306368 out of 460161024 bytes of available memory (77% usage)
system is using 17.4M out of 29.0M bytes of available disk space (60% usage)
application-data is using 37.4M out of 166.8M bytes of available disk space (24% usage)
boot is using 35.3M out of 68.6M bytes of available disk space (54% usage)
application-log is using 536.4M out of 2.8G bytes of available disk space (20% usage)
MainApp 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running
AnalysisEngine 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running
CLI 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600
Upgrade History:
* IPS-K9-sp-5.1-5-E1
IPS-sig-s309-req-E1.pkg
Recovery Partition Version 1.1 - 5.1(5)E1
11-29-2007 05:55 AM
That is the latest version.
The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.
The V update could then have been deployed through a Cisco ICS management server.
But there has not been a major emergency outbreak in the past 2 years that has required a special V signature update.
Instead, any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.
Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.
11-30-2007 07:18 AM
Hi friends,
I want to upgrade the IPS mentioned below. I am not finding the proper procedure. Please suggest whether I should upgrade from the signature definition or the service pack, and if I upgrade, will it be compatible with my IDS Event Viewer 4.1? Please suggest.
I am attaching the sh version below.
Cisco Intrusion Prevention System, Version 5.1(3)S260.0
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S260.0 2006-11-29
Virus Update V1.2 2005-11-24
OS Version: 2.4.26-IDS-smp-bigphys
Platform: IDS-4215
Serial Number: xxxxxxxxx
Licensed, expires: 12-dec-2008 UTC
Sensor up-time is 68 days.
Using 37348943 out of 4604587624 bytes of available memory (76% usage)
system is using 17.4M out of 29.0M bytes of available disk space (60% usage)
application-data is using 48.2M out of 166.8M bytes of available disk space (30% usage)
boot is using 35.0M out of 68.6M bytes of available disk space (54% usage)
application-log is using 540.3M out of 2.8G bytes of available disk space (20% usage)
MainApp 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
AnalysisEngine 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
CLI 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500
Upgrade History:
* IPS-sig-S254-minreq-5.1-2 19:57:55 UTC Sun Oct 15 2006
IPS-sig-S260-minreq-5.1-2.pkg 19:05:13 UTC Tue Dec 12 2006
Recovery Partition Version 1.1 - 5.1(1)
intsensor#
11-30-2007 08:57 AM
First download and apply the 5.1(7)E1 Service Pack http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
then download and apply the latest Signature Update (today the latest is S309)
11-30-2007 07:20 PM
Hi,
1) I went through the readme files of the service packs; it says we have to upgrade first to 5.1(3), 5.1(4), 5.1(5) & 5.1(5)E1?
2) Each service pack contains a set of signatures, so after upgrading with the service pack, do I again have to upgrade the signatures?
3) If I upgrade my IDS, is there a need to upgrade my IDS Event Viewer?
Please suggest.
12-03-2007 09:48 AM
1) Many times you can skip to the latest version of 5.x when upgrading Service Packs. In reading the 5.1(7)E1 release notes, you would have found, under the "Required Version" section:
The minimum required version for installing this Service Pack update is
5.0(1) for CLI and IDM users.
This means you can apply 5.1(7)E1 directly to your existing IPS sensor.
2) Each Service Pack DOES contain a set of signatures, current when the Service Pack was built or released. New signature updates come out about once a week. If you want to run the most current set of signatures, you need to apply the Service Pack and then the latest Signature Update.
3) Your Event Viewer should not change within the 5.x versions of IPS software.
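The upgrade order described in this thread (Service Pack first, then the latest Signature Update), as an added example that is not part of the original posts: a Python sketch that parses `show version` text and lists the steps a sensor still needs. The function names are hypothetical; the defaults (minimum required version 5.0(1), target 5.1(7), latest signature S309) are the values quoted in the thread, and the engine suffix (E1) is ignored.

```python
import re
from datetime import date

# Constructed sample: the relevant lines of the second sensor's output above.
SAMPLE = """\
Cisco Intrusion Prevention System, Version 5.1(3)S260.0
Signature Definition:
Signature Update S260.0 2006-11-29
Virus Update V1.2 2005-11-24
Platform: IDS-4215
"""

def parse_show_version(text):
    """Extract software version and signature levels from `show version` text."""
    info = {}
    # Software version such as 5.1(3) -> (5, 1, 3); engine suffix is not parsed.
    m = re.search(r"Version (\d+)\.(\d+)\((\d+)\)", text)
    if m:
        info["version"] = tuple(int(g) for g in m.groups())
    # S level may carry a minor part (S260.0); only the major number is kept.
    m = re.search(
        r"Signature Update\s+S(\d+)(?:\.\d+)?\s+(\d{4})-(\d{2})-(\d{2})", text)
    if m:
        info["sig_level"] = int(m.group(1))
        info["sig_date"] = date(*(int(g) for g in m.groups()[1:]))
    m = re.search(r"Virus Update\s+(V[\d.]+)", text)
    if m:
        info["virus_update"] = m.group(1)
    return info

def upgrade_plan(info, min_required=(5, 0, 1), target=(5, 1, 7), latest_sig=309):
    """Return the ordered steps still needed: service pack, then signatures."""
    steps = []
    if info["version"] < min_required:
        # Below the release notes' "Required Version": cannot apply directly.
        steps.append("upgrade to minimum required version first")
    if info["version"] < target:
        steps.append("apply service pack")
    if info["sig_level"] < latest_sig:
        steps.append("apply signature update")
    return steps

if __name__ == "__main__":
    sensor = parse_show_version(SAMPLE)
    print(sensor)
    print(upgrade_plan(sensor))
```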