Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NetSky.p

I have a IPS in the border and have qualified deny packet, deny connection and deny to attacker for the signature of NetSky and have noticed in my internal antivirus that the IPS this not blocking NetSky. The antivirus detects W32/NetSky.p.em What I can do?

4 REPLIES
Cisco Employee

Re: NetSky.p

What AV solution are you using? I ran a quick search of the more common vendors and can't find reference to this specific version of netsky.

We do have some Netsky covereage, but it is limited to the variants covered by signature 3136.

New Member

Re: NetSky.p

The AV that use is McAfee.

The AV detect W32/NetSky.d.em!!.exe and W32/NetSky.p.em!!.exe.

I have qualified signature 3136, but even so she does not detect it, blocks it either.

Cisco Employee

Re: NetSky.p

We use TrendMicro's naming of virus'. We detect the P variant in signatures 3136-3 and 3136-4 on virus file attachments ending in "scr", "pif", "cmd", "exe", and "zip" via SMTP.

In an attempt to cross reference McAfee with Trend, W32/NetSky.p.em!!.exe from McAfee looks like it might be the same as Trend's P variant, however I can not be 100% certain.

We do not have a signature for the .d.em variant.

New Member

Re: NetSky.p

But my IPS is not block all signatures W32/NetSky. How i can do?

129
Views
0
Helpful
4
Replies
CreatePlease login to create content