Cisco Support Community

How to configure CS-MARS to prevent Day Zero exploit

Core issue

A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.

Resolution

To prevent a Day Zero exploit, these rules can be configured on CS-MARS:

  • System Rule: Client Exploit - Mass Mailing Worm

  • System Rule: Network Activity: Excessive Denies - Host Compromise Likely

  • System Rule: Worm Propagation - Attempt

  • System Rule: Sudden Traffic Increase To Port

  • System Rule: Modify Host: Registry

  • System Rule: Modify Host: Security

Refer to System Rules and Reports for more information.

Version history
Revision #: 1 of 1
Last update: 06-22-2009 04:37 PM