Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

S218 Signature Update - FTP Sig 3150.1 Tuning

Hello All,

I'm running IDS 4.1.5 with signature S218 on my 4235 sensor. Ever since I've updated the device and event-viewer for S218, I have false positives (for my environment) with sig ID 3150.1 "FTP Remote Command Execution". My servers anti-virus software uses ftp every half hour to download new av sigs. Every 1/2 hour the IDS fires off an alert for sig-id 3150.1 alerting that an FTP session occured. My Question- Can I tune the sig not to fire based on paramaters? Such as ip add of my av server? Please let me know what you think... Remember, I only have access to the cmd line on the device. We don't use any mgmt s/w other than the Cisco Event Viewer running on the IDS mgmt computer.



Cisco Employee

Re: S218 Signature Update - FTP Sig 3150.1 Tuning

There was a false positive identified with that signature in s218. S219 will contain a modified signature to address this. S219 is in the final stages of testing and should be out on CCO later today, possibly tomorrow morning.

CreatePlease login to create content