[prev in list] [next in list] [prev in thread] [next in thread] 

List:       blackicedefender-general
Subject:    Re: [bidgeneral] Re: intrusion detection???
From:       elaimins () aol ! com
Date:       2001-10-23 7:20:50
[Download RAW message or body]

Hi Tony,

The SMB winreg file entry has actually always been there.  It is just
that in previous versions, it was not displayed in the user interface.
The reason that this entry is there is because we found that 99.999 % of
the time, this attack was actually a false positive.
You can remove this entry manually by opening the sigs.ini file, located
in the BlackICE directory, & placing a semicolon in front of the
following line:

trust.issue = 2002703

When you are done, the entry should look like this:  ;trust.issue =
2002703

Save the file & then open the user interface again & you will see that
the entry is gone.  If you start to see a lot of these types of attacks,
you can always go back & delete the semicolon so that the issue will be
trusted again.

Eric

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting \
transactions, securing intranets, and more! \
                http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/NhFolB/TM
---------------------------------------------------------------------~->

To Post a message, send it to:   bidgeneral@eGroups.com
To Unsubscribe, send a blank message to: bidgeneral-unsubscribe@eGroups.com 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 


[prev in list] [next in list] [prev in thread] [next in thread]