This SRU number: 2014-11-24-001
Previous SRU number: 2014-11-20-001
Applies to:
This SEU number: 1210
Previous SEU: 1209
Applies to:
This is the complete list of rules modified in SRU 2014-11-24-001 and SEU 1210.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 10214 | BROWSER-PLUGINS | Shockwave ActiveX Control ActiveX clsid access | off | off | off |
| 1 | 17742 | FILE-OFFICE | Microsoft Office Word remote code execution attempt | off | drop | drop |
| 1 | 19357 | MALWARE-CNC | Win.Worm.Sohanad.ila variant outbound connection | off | drop | drop |
| 1 | 19367 | MALWARE-CNC | Win.Worm.Vaubeg.A variant outbound connection | off | off | drop |
| 1 | 19400 | MALWARE-CNC | Win.Worm.Sddrop.D variant outbound connection | off | off | off |
| 1 | 19401 | MALWARE-CNC | Win.Worm.Sddrop.D variant outbound connection | off | off | off |
| 1 | 19495 | MALWARE-CNC | Win.Worm.Pilleuz variant outbound connection | off | off | off |
| 1 | 19573 | MALWARE-CNC | Win.Worm.Chiviper.C variant outbound connection | off | off | off |
| 1 | 19574 | MALWARE-CNC | Win.Worm.Chiviper.C variant outbound connection | off | off | off |
| 1 | 19575 | MALWARE-CNC | Win.Worm.Emold.U variant outbound connection | off | off | off |
| 1 | 19580 | MALWARE-CNC | Win.Worm.Basun.wsc inbound connection | off | off | off |
| 1 | 19584 | MALWARE-CNC | Win.Worm.Dref.C variant outbound connection | off | off | off |
| 1 | 19585 | MALWARE-CNC | Win.Worm.Dref.C variant outbound connection - notification | off | off | off |
| 1 | 19593 | MALWARE-CNC | Win.Worm.Agent.btxm variant outbound connection IRC | off | off | off |
| 1 | 19703 | MALWARE-CNC | Win.Worm.Dusta.br outbound connnection | off | drop | drop |
| 1 | 19766 | MALWARE-CNC | Win.Worm.Autorun variant outbound connection | off | off | off |
| 1 | 19918 | MALWARE-CNC | Win.Worm.Ganelp.B variant outbound connection | off | off | off |
| 1 | 20017 | MALWARE-CNC | Win.Worm.Koobface.dq variant outbound connection | off | off | off |
| 1 | 20022 | MALWARE-CNC | Win.Worm.Padobot.z variant outbound connection | off | off | off |
| 1 | 20449 | MALWARE-CNC | Win.Worm.Busifom.A variant outbound connection | off | off | off |
| 1 | 28054 | FILE-OTHER | VBScript potential executable write attempt | off | drop | drop |
| 1 | 29443 | EXPLOIT-KIT | Fiesta exploit kit outbound connection attempt | off | off | drop |
| 1 | 31814 | MALWARE-CNC | Win.Trojan.Darkcomet outbound keepalive signal sent | off | off | off |
| 1 | 32409 | OS-WINDOWS | Microsoft Windows SChannel CertificateVerify buffer overflow attempt | off | drop | drop |
| 1 | 32410 | OS-WINDOWS | Microsoft Windows SChannel CertificateVerify buffer overflow attempt | off | drop | drop |
| 1 | 32414 | OS-WINDOWS | Microsoft Windows SChannel CertificateVerify buffer overflow attempt | off | drop | drop |
| 1 | 32415 | OS-WINDOWS | Microsoft Windows SChannel CertificateVerify buffer overflow attempt | off | drop | drop |
| 1 | 32416 | OS-WINDOWS | Microsoft Windows SChannel CertificateVerify buffer overflow attempt | off | drop | drop |
| 1 | 32417 | OS-WINDOWS | Microsoft Windows SChannel CertificateVerify buffer overflow attempt | off | drop | drop |