Proventia Network Intrusion Prevention System 4.5 All Models Hotfix-10

Fix readme


Abstract

Known non-OS related, non-driver and non-hardware related fixes for All Models Hotfix

Content

Corrects issCSF signal 11 crash because the response objects are not properly
serialized

Previous problems corrected
---------------------------

Fixes an issue where new OCN format in keylib6 license key causes
'[ERROR]OCN 'xxxxx.xxxxxxxx.x' is not a valid customer ID'.

CSF:

Correct issCSF segmentation fault due to lack of synchronization between
the Global response configuration thread and the response thread

CRM:

Resolves a false positive with the "Snort is disabled but still running" health
alert. At the exact moment that the CRM stat task is running on one thread to
check the snort version, SPA is requesting agent info to send to SiteProtector
from the CRM, which checks whether the process is running.

Also resolves a second condition, at the exact moment SPA is requesting agent
info to send to SiteProtector from the CRM, which checks the snort process, the CRM
stat task is running on another thread to check the snort version.

Adds the network-info (link state information) sections back to the agent status
document (agent properties within SiteProtector) posted to SiteProtector.

Engine:

Resolves an issue with coalescer statistics events not functioning.

Corrects a crash related to quarantine rules.

Corrects a blocking issue on MORE_UPDATE events that were only intended to update
information about an event within the coalescer.

Corrects an issue with sensor statistics timing.

Packet logger:

Resolves an issue with the maximum number of files for the rolling packet captures.

PPD:

Prevents a signal 11 with the PPD process when the number of characters entered
into a port list within an event filter is greater than 30 characters and extends
the number of characters to 256.

A policy inconsistency where although a WAP category may be disabled
in the policy, certain signatures (those that X-Force would block by
default) are enabled regardless. To address the latter issue, the
enabled/disabled status of a WAP category now controls whether or not
*ALL* checks in a WAP category are disabled or enabled, instead of
allowing a subset of signatures to be enabled regardless of the WAP
category setting.

Adds support for the below parameters.

ppd.wap.override.disable
Default: Override fix is on by default.
Valid value: true

Description: This parameter disables the previously mentioned WAP Override fix.
It is recommended to leave the WAP Override fix enabled, default.

ppd.wap.<issueID>
Valid values:

"off"

Description: Disables the signature. There is no On value. In order to disable the signature,
the WAP category that contains the signature must be enabled.

"block"

Description: Turns blocking on for that signature. This will be useful in cases where
the WAP category that contains the signature is enabled, but not set to block and you
want to enable blocking for the one signature.

"blockdisable"

Description: Turns blocking off for that signature. This will be useful in cases where
the WAP category that contains the signature is enabled, is set to block and you want to
disable blocking for the one signature.

ppd.wap.global.<issueID>
Valid values: Same as ppd.wap.<issueID>
Description: This parameter overrides cases when the signature has Enable In Global set to
true from the feature category.xml file, and/or for the Client Side attacks category when the
Enable Client Side Protection check box is checked in the Client Side attacks tuning.

SecMgr:

On analysis inspection crashes bypass the NPU. The 4.5.0.0-ISS-ProvG-GX7-Hotfix-FP0003 patch
or later is required with this patch for this feature to work.

Adds support for the below parameter, which might be useful in cases where an unused segment or
interface is causing the IPS to report an unhealthy status in the SiteProtector Console agent
view:

Name: adapter.inuse.#

Where # is the inspection interface number starting with 0, for port 1A.

Valid value: false
Default value: true

Snep:

Resolves a seg v crash when snort generates a large size event.

Xerces:

Correct problem of signal 6 (abort) in issCSF because of Xerces lib.

Lum:

Fixes an issue with the LMI showing License information expiring a day
earlier in different time zones.

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security Network Intrusion Prevention System

Software version:

4.5

Operating system(s):

Firmware

Reference #:

1642219

Modified date:

2013-06-27

Translate my page

Machine Translation

Content navigation