10-14-2005 03:59 PM - edited 03-10-2019 01:41 AM
I have a IPS in the border and have qualified deny packet, deny connection and deny to attacker for the signature of NetSky and have noticed in my internal antivirus that the IPS this not blocking NetSky. The antivirus detects W32/NetSky.p.em What I can do?
10-17-2005 06:22 AM
What AV solution are you using? I ran a quick search of the more common vendors and can't find reference to this specific version of netsky.
We do have some Netsky covereage, but it is limited to the variants covered by signature 3136.
10-21-2005 10:28 AM
The AV that use is McAfee.
The AV detect W32/NetSky.d.em!!.exe and W32/NetSky.p.em!!.exe.
I have qualified signature 3136, but even so she does not detect it, blocks it either.
10-21-2005 01:06 PM
We use TrendMicro's naming of virus'. We detect the P variant in signatures 3136-3 and 3136-4 on virus file attachments ending in "scr", "pif", "cmd", "exe", and "zip" via SMTP.
In an attempt to cross reference McAfee with Trend, W32/NetSky.p.em!!.exe from McAfee looks like it might be the same as Trend's P variant, however I can not be 100% certain.
We do not have a signature for the .d.em variant.
11-02-2005 11:00 AM
But my IPS is not block all signatures W32/NetSky. How i can do?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide