Would like to clear up confusion - based on posts in connect
Over the last few years, or as long as I've been using custom IPS in SEP, which is quite a while.
I've done all the digging and learning I could - some from the help included in SEP, some from KB articles - and technical documents, and some from the forums here.
However, I have yet to find a conclusive 100% Symantec supported, all-agree final answer to the question I'm about to post.
Another search today gave me two different answers! One said "there should be", another said "no space after the , before....." and another was really unsure himself as to which it was.
The question is - in the sample IPS string below, should there be or should there not be a space after the , that is just before the words content="xxxxxxxxx"
rule tcp, dest=(80,443), msg="ZugoLaunch installer", content="zugolaunch.com"
So the question is - is THIS correct -> rule tcp, dest=(80,443), msg="ZugoLaunch installer", content="zugolaunch.com"
Is THIS correct ->rule tcp, dest=(80,443), msg="ZugoLaunch installer",content="zugolaunch.com"
and to confuse things more- I read a recent post saying there should be a space after every comma - after every , in an IPS def.
But in the past, someone said "no spaces".
Funny, no matter how it is said, or what is said, no "Symantec regular" or bonifide employee who gets regular pay from Symantec and who has an insiders look at the product, what works, what doesn't, has responded to agree or disagree with any of the above. So it appears one could gather that Symantec support doesn't care, or doesn't know?
So, for the record, the official word, the final word, straight from development team if necessary, should there be spaces after the , or no spaces after the , and does the answer apply to all of them, or just the one before the word content like was stated in the past?