Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IDS 4.1 PHP injection alarms

After updating one of the signature files (ver. 198) last week, I have been receiving several alarms for PHP injection coming from my site and out to Google and other addresses. None are inbound as I am not running PHP on any of our servers and they have all been patched. I've followed up on the machines in question and found them to be needing an update to the latest windows patches. They have all had updated antivirus signatures. The last straw was when my machine was flagged and I am meticulous about applying patches and anti-spyware scanning. Is there anyone else running into this? Is it a false positive?

Regards,

Mark

  • Intrusion Prevention Systems/IDS
2 REPLIES
Cisco Employee

Re: IDS 4.1 PHP injection alarms

We have identified a false positive with signature 5638; this will be corrected in an upcoming signature update.

New Member

Re: IDS 4.1 PHP injection alarms

Many thanks for your fast reply.

Have a great day... Mark

120
Views
0
Helpful
2
Replies