Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Enhanced Metafile Buffer Overflow, 5694

Clients connecting to yahoo mail at 217.12.10.252 via an http proxy server are triggering hundreds of events for Enhanced Metafile Buffer Overflow, id = 5694. Sig Version: S201

Are others seeing the same?

Is this false positive?

2 REPLIES
New Member

Re: Enhanced Metafile Buffer Overflow, 5694

Hi Darin,

We would like to look into this further, can you please provide a traffic sample or at least an output of produce verbose alert.

Thanks,

Jonathan

New Member

Re: Enhanced Metafile Buffer Overflow, 5694

i dont have one right now. i will try to collect one for you.

126
Views
0
Helpful
2
Replies
CreatePlease to create content