Cisco Cisco IPS 4255 Sensor

Release Notes for Cisco Intrusion Prevention System 7.0(2)E4

OL-21671-01

Resolved Caveats

The following known issues have been resolved in Cisco IPS 7.0(2)E4:

•

CSCse94001—ENGINE: improve telnet option parsing as anti-evasion measure

•

CSCsg20728—Actions do not appear in alerts when modify-packet-inline is configured

•

CSCsm37654—Signature 1220.0 does not alarm

•

CSCso66999—Automatic Ack limiter

•

CSCsq92185—E2 engine upgrade causes sensor to hang

•

CSCsr95290—Caret support for regex in atomic-ip

•

CSCsu86596—Fixed UDP Engine does not properly handle start of packet ("^") in regex

•

CSCsv07624—Engine service pack installs on a sensor of equal maj.min(sp) level

•

CSCsv22395—SMB-Advanced should have a generic handler for unrecognized smb commands

•

CSCsv98672—AIC Enforce Content Types false positive

•

CSCsw20463—11005.2 tcp kazaa signature doesnt fire in servicep2p

•

CSCsw67575—SMBAdvanced slowdown on file copy

•

CSCsw70331—Implement the IOS Lightweight Engines typedef

•

CSCsw86555—5582 false positve

•

CSCsx20458—Sig 1300.0 firing incorrectly

•

CSCsy30036—Inspect HTTP traffic on all ports

•

CSCsy30176—Meta engine enhancements for E4

•

CSCsy74853—Engine Flood.Host Source Ports Bug

•

CSCsy96323—Alarm Context data is not complete in E3

•

CSCsz01229—Multistring Engine False Negative

•

CSCsz15601—Create engine-p2p signatures for Share P2P Application

•

CSCsz34935—Signature 1302.0 does not fire

•

CSCsz65453—Add regex table split support to HTTP engine

•

CSCsz95342—Sensors may track the direction tcp streams improperly

•

CSCta12368—1330.12 and 1330.18 false positives with high volume traffic

•

CSCta38577—SensorApp stops responding when adding a String signature

•

CSCta49978—String HTTP does not calculate context buffer offset correctly for Args

•

CSCtc18038—SensorApp mismanages buffers when TX queue full

•

CSCtc43996—Engine P2P may not properly check boundaries

•

CSCtc61972—Ares P2P signature does not fire

•

CSCtd92090—idsm2 misfiring 1330 17,19,23

•

CSCtf31408—Engine Update installer can leave sensor in incomplete state

•

CSCtf40209—Signature Obsoletes from "backport" engines are being processed

•

CSCtf47008—sensorApp signatureDB corruption when processing same Src/Dst packets