need help for AIP-SSM update signature/virus

jason_majie
Level 1

Hi All:

I have one AIP-SSM module in my ASA firewall.

I manually downloaded the signature update file and installed it into the IPS module. After that, I checked the system info and saw the virus pattern is still 2007-03-02. Can anyone tell me how to update the virus pattern?

And one more question: I also have the service.

CON-SUSA-ASIP20K9

IPS SIGNATURE ONLY ASA AIP Security Service Module-20

With this service, may I do a minor upgrade of the IPS system? For example, from E3 to E4?

Thanks a lot.

----------------------

TAC Contact Information
URL:http://www.cisco.com/public/support/tac/home.shtml/
Phone:1 (800) 553-2447

Sensor up-time is 39 days.
Platform: ASA-SSM-20
Booted Partition: application

Partition: application
  Build Version: 6.1(3)E3
  Host:
    Realm Keys      key1.0
  Signature Definition:
    Signature Update      S479.0    2010-03-19
    Virus Update      V1.4    2007-03-02
--------------------------------------------


Scott Fringer
Cisco Employee

Jason;

  The virus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro). The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).

  You will be able to apply the E3 to E4 engine update (or any future engine update) with your current service contract.

Scott
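
A way to audit the `show version` output posted at the top of this thread, as an added example that is not part of the original posts or of any Cisco tooling. The function name `audit_sensor` and the `max_age_days` threshold are assumptions made for illustration; the sample text is constructed from the lines quoted above.

```python
import re
from datetime import date

# Constructed sample: lines taken from the "show version" output quoted in this thread.
SAMPLE = """\
Partition: application
  Build Version: 6.1(3)E3
  Signature Definition:
    Signature Update      S479.0    2010-03-19
    Virus Update      V1.4    2007-03-02
"""

BUILD_RE = re.compile(r"Build Version:\s*(\S+?)(E\d+)\s*$", re.M)
UPDATE_RE = re.compile(
    r"^\s*(Signature|Virus) Update\s+(\S+)\s+(\d{4})-(\d{2})-(\d{2})\s*$", re.M)

def audit_sensor(text, today, max_age_days=30):
    """Return release, engine level and per-component update status.
    max_age_days is a hypothetical local policy threshold (assumption)."""
    build = BUILD_RE.search(text)
    if build is None:
        raise ValueError("no 'Build Version' line found")
    report = {"release": build.group(1), "engine": build.group(2), "components": {}}
    for name, version, y, m, d in UPDATE_RE.findall(text):
        released = date(int(y), int(m), int(d))
        age = (today - released).days
        if name == "Virus":
            # Per the reply above, this component is no longer updated,
            # so an old date here is expected and should not raise an alert.
            status = "retired"
        else:
            status = "stale" if age > max_age_days else "current"
        report["components"][name] = {
            "version": version, "released": released,
            "age_days": age, "status": status}
    if "Signature" not in report["components"]:
        raise ValueError("no 'Signature Update' line found")
    return report

if __name__ == "__main__":
    result = audit_sensor(SAMPLE, today=date(2010, 6, 1))
    print(result["release"], result["engine"])
    for name, info in result["components"].items():
        print(name, info["version"], info["released"], info["age_days"], info["status"])
```
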

Hi scfringe:

Thanks for your comprehensive and useful answer.

One more question:

With the service I attached before, may I do a major upgrade, like from version 6.1 to 7.x?

Thanks

Yes, you may perform an upgrade from release 6.1 to either 6.2 or 7.0.

Scott

Hi Fringer:

Need to check with you about this.

[The virus update component of IPS signature updates was maintained as part of the Cisco Incident Control Server (a joint effort with Trend Micro). The virus component is no longer updated as the CICS product is no longer available (and is no longer displayed as of the E4 engine update).]

Does it mean the IPS has no more virus-scan component inside?

Best regards

Jason

Jason;

Cisco's IPS sensors perform signature-based intrusion/exploit detection. This action may detect network-based virus activity, but the sensor will not perform full, file-based virus inspection comparable to a workstation-based solution.

Scott

Hi Scott:

Thanks for your reply.

One more question:

When using the IME software, I saw an auto-upgrade option (please see the attached photo),

and there is a URL: "https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl"

When I try to access this URL manually, the page is not available.

I want to ask: is this auto-upgrade from Cisco option still usable? If yes, what if the IPS module needs to configure a proxy?

Best regards

Jason;

That URL is correct, and is not accessible by a regular browser session; it is designed to be accessed by the IPS software specifically.

The auto-update process for signatures and analysis engines (not base software) does not currently support passing through a proxy; it will need direct access to the Internet to successfully complete.

Scott

Hello Guys,

How can I enable auto update from cisco.com for signatures and engines using IDM?

I have a Cisco AIP-SSM-10 6.0 installed on an ASA and I am currently downloading signature updates manually. I also have a valid CCO account.

Please advise,

Moustafa

Moustafa;

Automatic signature updates direct from Cisco were introduced in IPS release 6.1. To add this capability to your AIP-SSM-10, you will need to upgrade to a more recent release (6.2 or 7.0). You will then have the ability to configure the automatic updates within IDM by navigating to:

Configuration > Sensor Management > Auto/Cisco.com Update

- check the box next to "Enable Signature and Engine Updates from Cisco.com"

- provide the necessary credentials and scheduling details in the "Cisco.com Server Settings" panel (you may need to click the light blue bar).

Scott

Dear Scott,

I'm not able to use the auto-update feature in the AIP-SSM module. I have removed the proxy and the other settings are configured properly, but still no success.

Any idea?
