Today, ips-4250-sx (not-in-line) upgraded from v6.0(4)E1 to 6.0(5)E2. (S335) to (S339)
1st appearance & flood of red alerts,
all internal sources and destinations:
1) Windows DCOM Overflow 0&1 subsigs:
(1100src/100dst=86k total hits)
2) Netware LSASS CIFS.NLM Driver Overflow: (145src/140dst=2.5k total hits)
3) Print Spooler Service Overflow: (140src/75dst=2.4k total hits)
- hit accumulation in 7hrs since upgrade
Is there some signature tweaking to be done? or is it TAC time?
Anybody else experience this?
-thanks for any advise