***********************************************************************
Symantec Network Security 7100 Series Engine Update 1        README.TXT
Copyright (c) 2004 Symantec Corporation                     August 2004
***********************************************************************

The following is a readme for Symantec Network Security 7100 Series 
appliance Engine Update 1. 

For additional information, contact technical support or the knowledge
base via the Symantec Web site at:

* Technical support:
  http://www.symantec.com/techsupp/ent/enterprise.html
  
* Knowledge base:
  http://www.symantec.com/techsupp/enterprise/select_product_kb.html
  
  - Click Intrusion Protection > Symantec Network Security >
    Symantec Network Security 7100 Series


This readme discusses the following:

- False positive bug fixes
- Detection enhancements
- Event description changes
- Signature updates
- Installing Engine Update 1


False positive bug fixes
-------------------------
* Engine Update 1 fixes bugs that triggered the following false 
  positive alerts:
  - UDP Flood
  - TCP unusual portsweep under high connection rate
  - "Too Many Out Of Order TCP Segments" alerts with clean traffic
  - SMB session failed authentication


Detection enhancements
-------------------------
* Engine Update 1 contains the following:
  - Enhancements for UDP scans


Event description changes
-------------------------
* The following event description changes are incorporated into 
  Engine Update 1:
  - Added missing VID tags on some event descriptions
  - Event description enhancement to clarify 
    "HTTP Request URI %xx non-hex Character" alert
  - Added missing category and intent values in event descriptions


Signature updates
-------------------------
* Engine Update 1 addresses the following:
  - Alerts implemented as signature rather than state machine


Installing Engine Update 1
-------------------------

* Engine Update 1 is automatically installed on the 
  Symantec Network Security 7100 Series appliance via the Symantec 
  LiveUpdate service.
  
  Note: Symantec recommends installing Patch 1 before installing 
  Engine Update 1 and Signature Update 1. Both Engine Update 1 and 
  Signature Update 1 must be installed on the appliance.
  Symantec does not support Patch 1 and Engine Update 1 separately.
  
  Warning: Installing Engine Update 1 restarts the 7100 Series
  appliance sensors, this causes a loss of state information. Also,
  for 7100 Series appliance's running inline, this process causes a
  brief network interruption.