So I understand the premise of the .sdf file and what it's doing, and the 3 different options to load: attack-drop.sdf, 128MB.sdf, or 256MB.sdf.
But what I'm not sure about is, is this signature like what the other AV vendors use? If so, why isn't there a feature to update the signatures on a daily basis?
So I would think with the rate threats are emerging, my sdf files I got 1 year ago are way out of date and would not work for any current viruses in the wild.
Hi guys,
A quick question.
On 14 September Microsoft announced a vulnerability in the MS Print Spooler service, and Cisco released an IPS signature for that:
29459.0 Microsoft Windows Print spooler Design Flaw advanced Vulnerability
I see thousands of signatures being triggered in my IME console (I think it is probably due to the way we share printers). A couple of days later Cisco retired that signature.
I want to know that vulnerability still exists, and my servers team is struggling to sort out that MS patch, because they installed it and the server crashed.
Should I enable the signature? Would it still be able to track any suspicious packet or not, as Cisco says it is retired in the 23rd September bulletin?
Why does Cisco retire a signature?
When it is not in use.
When it is old (which is not the case in my situation).
Or Cisco assumes that everyone has patched by now.
Thanks in advance for your time and advice.