Video Screencast Help

How to unblock or white list internal production FTP from SEP false positives ?

Created: 25 Oct 2012 • Updated: 25 Oct 2012 | 9 comments
This issue has been solved. See solution.

Hi,

My client has just installed SEP 12.1 RU1 MP1, so how can I disable this false positives ?

Thanks

Comments 9 CommentsJump to latest comment

John Santana's picture

I don't want to turn off the NTP component for this client, but rather I'd like to include a white list the Production FTP site so that the rest of the company is not affected by this random issue.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

You can add it to the Excluded Hosts list in the IPS policy. 

 

Setting up a list of excluded computers

http://www.symantec.com/business/support/index?page=content&id=HOWTO27084

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
John Santana's picture

According to this article: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20903 it is harmless and not needing any action.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

It is recommending to apply patches to your FTP software.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

Ah ok, so in this case it is the webserver in the SOlaris box that behaves erratically.

thanks for the suggestion.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

I would make sure it is fully patched.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

yes, that's correct Brian.

Thanks for the quick response.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

You're welcome.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

 It's always Recommended you can apply latest Microsoft security patch apply.

Thanks In Advance

Ashish Sharma