06-28-2010 08:40 PM - edited 03-10-2019 05:02 AM
Hi All:
i have one AIP-SSM module in my ASA firewall.
I manually download the signature update file install into the IPS module, after that, i check the system info, i saw the virus pattern is still 2007-03-02, any one can tell me how to update the virus pattern?
And one more question, i also have the service.
CON-SUSA-ASIP20K9 | IPS SIGNATURE ONLY ASA AIP Security Service Module-20 |
with this service, my i do minor upgrade of the IPS system? for example, form E3 to E4?
Thanks a lot.
----------------------
TAC Contact Information
URL:http://www.cisco.com/public/support/tac/home.shtml/
Phone:1 (800) 553-2447
Sensor up-time is 39 days.
Platform: ASA-SSM-20
Booted Partition: application
Partition: application
Build Version: 6.1(3)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S479.0 2010-03-19
Virus Update V1.4 2007-03-02
--------------------------------------------
Solved! Go to Solution.
06-29-2010 03:39 AM
Jason;
The vuirus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro). The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).
You will be able to apply the E3 to E4 engine update (or any future engine update) with your current service contract.
Scott
06-30-2010 04:08 AM
Yes, you may perform an upgrade from release 6.1 to either 6.2 or 7.0.
Scott
07-01-2010 05:09 AM
Jason;
Cisco's IPS sensors perform signature-based intrusion/exploit
detection. This action may detect network-based virus activity, but the
sensor will not perform full, file-based virus inspection comparable to
a workstation-based solution.
Scott
06-29-2010 03:39 AM
Jason;
The vuirus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro). The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).
You will be able to apply the E3 to E4 engine update (or any future engine update) with your current service contract.
Scott
06-29-2010 10:44 PM
Hi scfringe:
thanks for you comprehensive and useful answer.
One more question:
with the service i attached before, may i do major upgrade? like from version 6.1 to 7.x?
Thanks
06-30-2010 04:08 AM
Yes, you may perform an upgrade from release 6.1 to either 6.2 or 7.0.
Scott
07-01-2010 02:10 AM
Hi Fringer:
Need to check with you about this.
[The vuirus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro). The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).]
Does it mean, the IPS has no more virus-scan component inside?
Best regards
Jason
07-01-2010 05:09 AM
Jason;
Cisco's IPS sensors perform signature-based intrusion/exploit
detection. This action may detect network-based virus activity, but the
sensor will not perform full, file-based virus inspection comparable to
a workstation-based solution.
Scott
07-15-2010 12:14 AM
Hi Scott:
Thanks for you reply.
one more question:
When using the IME software, i saw auto-upgade option. (please see the attached foto)
and there is a url :"https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl"
when i try to access this url manually, it the page is not available.
I want to ask, is this auto-upgrade from cisco option still able to use? if yes, what if the IPS module need to configure a proxy?
Best regards
07-15-2010 03:36 AM
Jason;
That URL is correct, and is not accessible by a regular browser
session; it is designed to be accessed by the IPS software specifically.
The auto-update process for signatures and analysis engines (not base
software) does not currently support passing through a proxy, it will
need direct access to the Internet to successfully complete.
Scott
08-03-2010 12:35 AM
Hello Guys,
how can enable auto update from cisco.com for signatures and engines using IDM?
I have cisco AIP-SSM-10 6.0 installed on an ASA and I am currently downloading signature updats manually. I also have a valid CCO account.
Please advise,
Moustafa
08-03-2010 03:28 AM
Moustafa;
Automatic signature updates direct from Cisco were introduced in IPS
release 6.1. To add this capability to your AIP-SSM-10, you will need
to upgrade to a more recent release (6.2 or 7.0). You will then have
the ability to configure the automatic updates within IDM by navigating to:
Configuration>Sensor Management>Auto/Cisco.com Update
- check the box next to "Enable Signature and Engine Updates from Cisco.com"
- provide the necessary credentials and scheduling details in the
"Cisco.com Server Settings" panel (you may need to click the light blue
bar).
Scott
01-03-2012 01:14 AM
Dear Scot,
I'm not able to use auto-update feature in AIP-SSM module, I have removed proxy and other settings are configured properly but still no success.
Any idea?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide