Message Image

Skip main navigation (Press Enter).

Endpoint Protection Small Business Edition

View Only

Back to discussions

Expand all | Collapse all

Traffic has been allowed from this application

Jump to Best Answer

DanUSApr 29, 2010 10:28 AM

We are having some vulnerability scans on our network, which has triggered an alert: "Intrusion Prevention ...

Thomas KApr 29, 2010 10:38 AMBest Answer

By default this is set to allow/log. You can change this in the IPS exceptions page.

DanUSApr 29, 2010 03:10 PM

Ahh, didn't know that you could change the behavior like that, i thought all those were to allow only. ...

1. Traffic has been allowed from this application

0 Recommend
DanUS
Posted Apr 29, 2010 10:28 AM

Reply Reply Privately
We are having some vulnerability scans on our network, which has triggered an alert:
"Intrusion Prevention Info; [SID: 20511] HTTP CGI Test Request detected. Traffic has been allowed from this application: C:\Windows\System32\ntoskrnl.exe"

Is there any way to block this traffic? Or is there a good reason why it wasn't blocked? I can't find anything in Intrusion Prevention or Firewall that seems to specifically allow this.

Any insight would be appreciated
2. RE: Traffic has been allowed from this application
Best Answer

0 Recommend
Thomas K
Posted Apr 29, 2010 10:38 AM

Reply Reply Privately
By default this is set to allow/log. You can change this in the IPS exceptions page.
3. RE: Traffic has been allowed from this application

0 Recommend
DanUS
Posted Apr 29, 2010 03:10 PM

Reply Reply Privately
Ahh, didn't know that you could change the behavior like that, i thought all those were to allow only.

Excellent, thank you so much!

Copyright 2019. All rights reserved.

Powered by Higher Logic