Cisco Support Community

3340/0 false positives

This signature triggers on =shell: anywhere in the tcp stream.

Isn't there a way to tighten this up? It fires even when I go to the Cisco MySDN page for this signature (because it has the word =shell: in the HTML returned).


Re: 3340/0 false positives

Hi,

Thanks for bringing this to our attention. We will have a closer look at this signature to see where it can be improved.

Is it the main page of MySDN that causes the FP? If it is something more specific, would you be able to provide the URL please?

Thanks,

Jonathan
