Endpoint Protection

  • 1.  After successfully upgrading SEP Client from 11.0.4 into 12.1 RU1 legacy FTP software stopped working ?

    Posted Jan 10, 2013 07:23 PM

    Hi People,

    Can anyone please assist me in resolving this issue with the 

    Every time the user tries to open up the application, there is a pop-up saying

    [SID: 20903] FTP Generic Command Overflow detected, which comes from the old Solaris server. After that, all the people in the department cannot use their FTP software to pull out the report from the server.

    How can I safely ignore any false positive "attacks" from that server? Previously, in version 11, it worked as normal.



  • 2.  RE: After successfully upgrading SEP Client from 11.0.4 into 12.1 RU1 legacy FTP software stopped working ?

    Posted Jan 10, 2013 07:29 PM

    You can set this host to be excluded from IPS.

    Check here:

     

    Setting up a list of excluded computers

    Article:HOWTO27084  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27084
     

     



  • 3.  RE: After successfully upgrading SEP Client from 11.0.4 into 12.1 RU1 legacy FTP software stopped working ?

    Posted Jan 10, 2013 08:02 PM

    Brian, it doesn't work. I have found the IP address of the server in question already in the whitelisted list.

    The application still doesn't work.



  • 4.  RE: After successfully upgrading SEP Client from 11.0.4 into 12.1 RU1 legacy FTP software stopped working ?

    Broadcom Employee
    Posted Jan 10, 2013 08:25 PM

    Check this link:

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20903

     

    Can you install the latest version of the FTP software?

     



  • 5.  RE: After successfully upgrading SEP Client from 11.0.4 into 12.1 RU1 legacy FTP software stopped working ?

    Posted Jan 10, 2013 08:36 PM

    You can either upgrade the Solaris server FTP app to the latest version or exclude that signature from the IPS policy.



  • 7.  RE: After successfully upgrading SEP Client from 11.0.4 into 12.1 RU1 legacy FTP software stopped working ?

    Broadcom Employee
    Posted Jan 10, 2013 09:15 PM

    Upgrade the FTP software on the target machine. Also check the response from the above link I posted.

    Response

    There are patches available for each installation of FTP. However, as a best practice, it is recommended to:

    1. Ensure the latest version of the FTP installation is installed
    2. Log and Audit any FTP use, more specifically from connections made from systems outside of the network.
    3. Disable any unneeded use of FTP.
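
One way to act on the "log and audit any FTP use" recommendation above, as an added example that is not part of the thread or of any Symantec material: a Python sketch that reads transfer records in the wu-ftpd `xferlog` layout and flags those whose remote host is not inside the network. It assumes the FTP server writes that log format; the internal ranges and the sample lines are constructed for illustration.

```python
import ipaddress

# Assumption: these ranges stand in for "inside the network"; substitute your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample lines in the wu-ftpd xferlog layout (not from the thread).
SAMPLE_XFERLOG = """\
Thu Jan 10 19:05:12 2013 1 10.20.30.40 20480 /export/reports/daily.csv b _ o r report ftp 0 * c
Thu Jan 10 19:07:44 2013 3 203.0.113.25 912384 /export/reports/month end.csv b _ o r report ftp 0 * c
Thu Jan 10 19:09:01 2013 2 client7.example.net 512 /incoming/x.bin b _ i a anon@example.net ftp 0 * i
truncated line
"""

def parse_xferlog_line(line):
    """Return a dict for one xferlog record, or None if the line is malformed."""
    tok = line.split()
    if len(tok) < 18:  # 5 date tokens + 3 fields + filename + 9 trailing fields
        return None
    return {
        "time": " ".join(tok[:5]),
        "remote_host": tok[6],
        # Trailing fields are indexed from the right so a filename with spaces survives.
        "filename": " ".join(tok[8:-9]),
        "direction": tok[-7],    # i = incoming (upload), o = outgoing (download)
        "access_mode": tok[-6],  # r = real user, a = anonymous, g = guest
        "username": tok[-5],
        "status": tok[-1],       # c = complete, i = incomplete
    }

def classify_host(host):
    """Return 'internal', 'external', or 'unresolved' (a hostname was logged)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"

def audit(log_text):
    """Return (records from non-internal hosts, number of malformed lines)."""
    flagged, malformed = [], 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_xferlog_line(line)
        if rec is None:
            malformed += 1
            continue
        rec["origin"] = classify_host(rec["remote_host"])
        if rec["origin"] != "internal":
            flagged.append(rec)
    return flagged, malformed
```

Records marked `unresolved` carry a hostname instead of an address, so they need a manual lookup before they can be counted as internal or external.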