Video Screencast Help

After successfully upgrading SEP Client from 11.0.4 into 12.1 RU1 legacy FTP software stopped working ?

Created: 10 Jan 2013 | 6 comments

Hi People,

Can anyone please assist me in resolving this issue with the 

Everytime the user tries to use open up the application, there is pop up saying 

[SID: 20903] FTP Generic Command Overflow detected which comes from the old Solaris server, after that the whole people in the department cannot use their FTP software to pull out the report from the server ?

how to safely ignore any false positive "attacks" from that server, because previously in version 11 it works as normal.

Comments 6 CommentsJump to latest comment

_Brian's picture

You can set this host to be excluded from IPS

Check here:

 

Setting up a list of excluded computers

Article:HOWTO27084  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27084
 

 

John Santana's picture

Brian, it doesn't work, I have found the IP address of the server in question already in the whitelisted list.

The application still doesn't work

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

_Brian's picture

You can either upgrade the Solaris server FTP app to latest version or exclude that signature from the IPS policy

pete_4u2002's picture

upgrade the ftp software on the target machine , also check the response from the above link I posted

Response

There are patches available for each installation of FTP. However as a best practice it is recommended to;

1. Ensure the latest version of the FTP installation is installed
2. Log and Audit any FTP use, more specifically from connections made from systems outside of the network.
3. Disable any unneeded use of FTP.