need help for AIP-SSM update signature/virus

Answered Question
Jun 28th, 2010
User Badges:

Hi All:

i have one AIP-SSM module in my ASA firewall.

I manually download the signature update file install into the IPS module, after that, i check the system info, i saw the virus pattern is still 2007-03-02, any one can tell me how to update the virus pattern?


And one more question, i also have the service.

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:宋体; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

CON-SUSA-ASIP20K9

IPS   SIGNATURE ONLY ASA AIP Security Service Module-20


with this service, my i do minor upgrade of the IPS system? for example, form E3 to E4?



Thanks a lot.



----------------------

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} TAC Contact Information
URL:http://www.cisco.com/public/support/tac/home.shtml/
Phone:1 (800) 553-2447

Sensor up-time is 39 days.
Platform: ASA-SSM-20
Booted Partition: application

Partition: application
  Build Version: 6.1(3)E3
  Host:
    Realm Keys      key1.0
  Signature Definition:
    Signature Update      S479.0    2010-03-19
    Virus Update      V1.4    2007-03-02
--------------------------------------------

Correct Answer by Scott Fringer about 6 years 10 months ago

Jason;


Cisco's IPS sensors perform signature-based intrusion/exploit

detection. This action may detect network-based virus activity, but the

sensor will not perform full, file-based virus inspection comparable to

a workstation-based solution.


Scott

Correct Answer by Scott Fringer about 6 years 11 months ago

Yes, you may perform an upgrade from release 6.1 to either 6.2 or 7.0.


Scott

Correct Answer by Scott Fringer about 6 years 11 months ago

Jason;


  The vuirus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro).  The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).


  You will be able to apply the E3 to E4 engine update (or any future engine update) with your current service contract.


Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Scott Fringer Tue, 06/29/2010 - 03:39
User Badges:
  • Cisco Employee,

Jason;


  The vuirus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro).  The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).


  You will be able to apply the E3 to E4 engine update (or any future engine update) with your current service contract.


Scott

jason_majie Tue, 06/29/2010 - 22:44
User Badges:

Hi scfringe:


thanks for you comprehensive and useful answer.


One more question:

with the service i attached before, may i do major upgrade? like from version 6.1 to 7.x?


Thanks

Correct Answer
Scott Fringer Wed, 06/30/2010 - 04:08
User Badges:
  • Cisco Employee,

Yes, you may perform an upgrade from release 6.1 to either 6.2 or 7.0.


Scott

jason_majie Thu, 07/01/2010 - 02:10
User Badges:

Hi Fringer:


Need to check with you about this.


[The vuirus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro).  The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).]


Does it mean, the IPS has no more virus-scan component inside?


Best regards

Jason

Correct Answer
Scott Fringer Thu, 07/01/2010 - 05:09
User Badges:
  • Cisco Employee,

Jason;


Cisco's IPS sensors perform signature-based intrusion/exploit

detection. This action may detect network-based virus activity, but the

sensor will not perform full, file-based virus inspection comparable to

a workstation-based solution.


Scott

jason_majie Thu, 07/15/2010 - 00:14
User Badges:

Hi Scott:


Thanks for you reply.


one more question:

When using the IME software, i saw auto-upgade option. (please see the attached foto)


and there is a url :"https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl"


when i try to access this url manually, it the page is not available.


I want to ask, is this auto-upgrade from cisco option still able to use? if yes, what if the IPS module need to configure a proxy?


Best regards

Scott Fringer Thu, 07/15/2010 - 03:36
User Badges:
  • Cisco Employee,

Jason;


That URL is correct, and is not accessible by a regular browser

session; it is designed to be accessed by the IPS software specifically.

The auto-update process for signatures and analysis engines (not base

software) does not currently support passing through a proxy, it will

need direct access to the Internet to successfully complete.


Scott

Mustafa Al Housami Tue, 08/03/2010 - 00:35
User Badges:

Hello Guys,

how can enable auto update from cisco.com for signatures and engines using IDM?

I have cisco AIP-SSM-10 6.0 installed on an ASA and I am currently downloading signature updats manually. I also have a valid CCO account.

Please advise,

Moustafa

Scott Fringer Tue, 08/03/2010 - 03:28
User Badges:
  • Cisco Employee,

Moustafa;


Automatic signature updates direct from Cisco were introduced in IPS

release 6.1. To add this capability to your AIP-SSM-10, you will need

to upgrade to a more recent release (6.2 or 7.0). You will then have

the ability to configure the automatic updates within IDM by navigating to:


Configuration>Sensor Management>Auto/Cisco.com Update


- check the box next to "Enable Signature and Engine Updates from Cisco.com"

- provide the necessary credentials and scheduling details in the

"Cisco.com Server Settings" panel (you may need to click the light blue

bar).


Scott

nomair_83 Tue, 01/03/2012 - 01:14
User Badges:
  • Bronze, 100 points or more

Dear Scot,


I'm not able to use auto-update feature in AIP-SSM module, I have removed proxy and other settings are configured properly but still no success.


Any idea?

Actions

This Discussion