Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA Rule ID 46 module '<unknown@0x860d3008>'

Hello,

I have been seeing this module kick of rule 46 at multiple clients (the 0x860d3008 memory address is varied). Has anyone successfully figured out a way to investigate what this is, and how to tune it? I know I could create a blanket rule, but I want to see what it is first. The problem is the logs get flooded with the 596 alert, even though it does not block anything, I know that most customers who look at this will stop paying attention. That whole cry wolf thing.

Thanks

1 REPLY
Blue

Re: CSA Rule ID 46 module '<unknown@0x860d3008>'

Hi Shawn

What version of CSA and what specific rule type and module is this? I'm guessing either Trojan Detection (older) or Kernel Protection rule (newer).

Remember that your Rule 46 may not match someone else's because of different versions, multiple upgrades, etc..

As I recall, it was almost impossible to make an exception for this without knowing the application that triggered it.

Tom

104
Views
0
Helpful
1
Replies
CreatePlease login to create content