This update package improves the detection capabilities of the Forcepoint NGFW system.
| RELEASE DATE: | Wednesday March 11, 2020 |
| MD5 CHECKSUM: | bf539d6697cc691c3e7649ad08b3422a |
| SHA1 CHECKSUM: | f1d487bb1be3e2f1e1b8b91793e4f928a49d1414 |
| SHA256 CHECKSUM: | dff9a61ac31cecb8bceaa13f84a29437b156df6971b1d36ce8f4256160c3432e |
UPDATE CRITICALITY: HIGH
MINIMUM SOFTWARE VERSIONS
| - Forcepoint NGFW Security Management Center: | 5.10.1.10027 |
| - Forcepoint NGFW: | 5.5.1.9848 |
List of detected attacks in this update package:
| Risk level | Description | Reference | Vulnerability |
|---|---|---|---|
| High | An attempt to exploit a vulnerability in Microsoft Windows detected | CVE-2020-0796 | Microsoft_Windows_SMBv3_Remote_Code_Execution_Vulnerability_CVE-2020-0796 |
Jump to: Detected Attacks Other Changes
DETECTED ATTACKS
New detected attacks:
TCP SMB Client Stream
| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Microsoft_Windows_SMBv3_Remote_Code_Execution_Vulnerability_CVE-2020-0796 | CVE-2020-0796 | SMB-TCP_Microsoft_Windows_SMBv3_Remote_Code_Execution_Vulnerability_CVE-2020-0796 | Suspected Compromise |
Updated detected attacks:
Text File Stream
LIST OF OTHER CHANGES:
Updated objects:
| Type | Name | Changes |
|---|---|---|
| Network Element | TOR exit nodes | |
| IPList | Amazon_AMAZON_us-west-1 | |
| IPList | Microsoft Azure datacenter | |
| IPList | TOR relay nodes IP Address List | |
| IPList | Microsoft Azure datacenter EUROPENORTH | |
| IPList | Microsoft Azure datacenter USWEST | |
| IPList | TOR exit nodes IP Address List | |
| IPList | Amazon_AMAZON | |
| IPList | Microsoft Azure datacenter USEAST2 | |
| IPList | Microsoft Azure datacenter USSOUTH | |
| IPList | Microsoft Azure datacenter EUROPEWEST |
ACTIVATING THE UPDATE PACKAGE
- Ensure that the SHA256 checksum of the update package are correct.
- Open Admin Tools in the SMC GUI client.
- Right-click on the Updates folder and select "Import Update Packages".
- Right-click on the imported package and select Activate.
- Reinstall the system policy to take the changes into use. Custom policies may require manual updating.
DISCLAIMER AND COPYRIGHT
The information in this document is provided only for educational purposes and for the convenience of Forcepoint customers. The information contained herein is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation, circumstance, or system configuration - use at your own risk. Forcepoint does not warrant or endorse any third-party products described herein.
Forcepoint™ is a trademark of Forcepoint, LLC. SureView®, ThreatSeeker®, Triton®, Sidewinder®, and Stonesoft® are registered trademarks of Forcepoint, LLC. Raytheon® is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are the property of their respective owners.
Copyright © 2000-2020 Forcepoint LLC. All rights reserved.
Forcepoint™ is a trademark of Forcepoint, LLC. SureView®, ThreatSeeker®, Triton®, Sidewinder®, and Stonesoft® are registered trademarks of Forcepoint, LLC. Raytheon® is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are the property of their respective owners.
Copyright © 2000-2020 Forcepoint LLC. All rights reserved.