Proventia Network Intrusion Prevention System 4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP0002

Technote (FAQ)


Question

What fixes are included in 4.5.0.0-ISS-ProvG-AllModels-Hotfix-FP0002?

Answer

===============================================================
DESCRIPTION
===============================================================

This patch is intended to deliver non-OS related, non-driver and non-hardware related fixes to the date stated in the readme, user memory space modules that affect the core functionality of the Proventia GX IPS.

Included fixes:

CRM:

Resolves a false positive with the "Snort is disabled but still running" health alert. At the exact moment that the CRM stat task is running on one thread to check the snort version, SPA is requesting agent info to send to SiteProtector from the CRM which checks whether the process is running.

Also resolves a second condition, at the exact moment SPA is requesting agent info to send to SiteProtector from the CRM which checks the snort process, the CRM stat task is running on another thread to check the snort version.

Adds the network-info (link state information) sections back to the agent status document (agent properties within SiteProtector) posted to SiteProtector.

Engine:

Resolves an issue with coalescer statistics events not functioning.

Corrects a crash related to quarantine rules.

Corrects a blocking issue on MORE_UPDATE events that were only intended to update information about an event within the coalescer.

Corrects an issue with sensor statistics timing.

Packet logger:

Resolves an issue with the maximum number of files for the rolling packet captures.

PPD:

Prevents a signal 11 with the PPD process when the number of characters entered into a port list within an event filter is greater than 30 characters and extends the number of characters to 256.

A policy inconsistency where although a WAP category may be disabled in the policy, certain signatures (those that X-Force would block by default) are enabled regardless. To address the latter issue, the enabled/disabled status of a WAP category now controls whether or not *ALL* checks in a WAP category are disabled or enabled instead of allowing a subset of signatures to be enabled regardless of the WAP category setting.

Adds support for the below parameters.

ppd.wap.override.disable
Default: Override fix is on by default.
Valid value: true

Description: This parameter disables the previously mentioned WAP Override fix. It is recommended to leave the WAP Override fix enabled, default.

ppd.wap.
Valid values:

"off"

Description: Disables the signature. There is no On value. In order to disable the signature, the WAP category that contains the signature must be enabled.

"block"

Description: Turns blocking on for that signature. This will be useful in cases where the WAP category that contains the signature is enabled, but not set to block and you want to enable blocking for the one signature.

"blockdisable"

Description: Turns blocking off for that signature. This will be useful in cases where the WAP category that contains the signature is enabled, is set to block and you want to disable blocking for the one signature.

ppd.wap.global.
Valid values: Same as ppd.wap.
Description: This parameter overrides cases when the signature has Enable In Global set to true from the feature category.xml file, and/or for the Client Side attacks category when the Enable Client Side Protection check box is checked in the Client Side attacks tuning.

Xerces:

Correct problem of signal 6 (abort) in issCSF because of Xerces lib

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security Network Intrusion Prevention System

Software version:

4.5

Operating system(s):

Firmware

Software edition:

All Editions

Reference #:

1623264

Modified date:

2013-01-24

Translate my page

Machine Translation

Content navigation