search cancel

Endpoint protection IPS logs shows inconsistent actions for same IPS signatures

book

Article ID: 175624

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection IPS logs shows inconsistent actions for the same IPS signatures. SID Audit [SID: 27959] signature sometimes shows blocked and sometimes shows allowed.

For example:

[SID: 27959] Audit: SSLV3 Server Hello attack detected but not blocked.
Application path: C:\PROGRAM…

[SID: 27959] Audit: SSLV3 Server Hello attack blocked. Traffic has been blocked
for this application: C:\PROGRAM…

 

Resolution

This issue was fixed in the 17.0 CIDS engine and newer.