BlackICE 3.6.cof

Posted on Friday, May 20 2005 @ 17:59 CEST by LSDsmurf

Security Content Updates in 3.6.cof
  • More robust handling of Unicode in the HTML parser has been added, eliminating possible false negatives.
  • Parser support for SOAP requests posted using chunked encoding has been added.
  • Support for older versions of compound files has been added.
  • False positives with unrecognized compound files have been removed.
  • A false positive with SMB_Malformed has been removed.
  • A false positive with POP_Command_Overflow has been removed.
  • A false positive with SNMP_ifTable has been removed.
  • A false positive with SMTP_Routing_Overflow has been removed.
  • A false positive with HTTP_Mozilla_Nonascii_URL_BO has been removed.
  • A false positive with SMB_NT_Transact_Bo has been removed.
  • A false positive with HTTP_POST_dotdotdot_data has been removed.
  • A false positive with HTTP_GET_dotdotdot_Data has been removed.
  • Updates to Suspicious_ActiveX_Installer have been added to catch additonal Spyware applications.
  • Sensor Statistics has been updated to report octets and event/traffic rates.
  • Tuning parameter pam.crash.log has been added.
  • Tuning parameter pam.snmp.oidpairs.threshold has been added.
  • Email_Double_Extension has been tightened up to ignore white spaces.
  • The priority of TCP_Dabber_Sweep was changed to Medium.
  • HTTP_GotoMyPCDOTCom_Connection was changed from an attack to an audit.
  • A false negative with Content_Compound_File_Bad_Extension has been removed
  • A false negative with Email_Command_Overflow was removed.
  • A false negative with IMAP4_Very_Long_Command was removed.
  • The default responses for all signatures have been updated to be consistent with other ISS products. Responses for previously deprecated signatures have been removed. For information, see the ISS Support knowledgebase website at http://www.iss.net/support/knowledgebase/. Search for article number 2999.
Other updates:
  • Scaleable speed and support for UDP Trojans has been added to the Trojan detection module.
  • A performance impovement to the probe module configuration tables has been added.
  • Support for CISCO Skinny Client Control Protocol parser was added.
Other Bug Fixes:
  • Bounds-checking was added to the local user interface.

Program Information

Category:
Tools and Utilities
Type:
Shareware


Version:
3.6.cof
Size:
/
Works on:
Windows


Product page: here

Download: BlackICE 3.6.cof



Loading Comments