Release notes for update package 1638-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Monday October 09, 2023
MD5 CHECKSUM:    ca142df12adfefbc0707d4dad18d1ffe
SHA1 CHECKSUM:    3b0619292ecba61c780db5115dd740ccae5354ab
SHA256 CHECKSUM:    82dfd632f8ab2e7871ccc09b70c41335a99fd4dc45a2092b936deee765ac5f52

UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.5.1.10631
- Forcepoint NGFW:    6.5.1.21108

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in D-Link D-View detected     CVE-2023-32167     D-Link-D-View-Uploadmib-Directory-Traversal
High     An attempt to exploit a vulnerability in LG Simple Editor detected     CVE-2023-40494     LG-Simple-Editor-Deletefolder-Directory-Traversal
High     An attempt to exploit a vulnerability in Samba detected     CVE-2023-34966     Samba-Spotlight-Mdssvc-RPC-Denial-Of-Service
High     An attempt to exploit a vulnerability in Microsoft Exchange Server detected     CVE-2023-36744     Microsoft-Exchange-PowerShell-Remoting-Dumpdatareader-Insecure-Deserialization

DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     D-Link-D-View-Uploadmib-Directory-Traversal     CVE-2023-32167     HTTP_CS-D-Link-D-View-Uploadmib-Directory-Traversal     Suspected Compromise
High     LG-Simple-Editor-Deletefolder-Directory-Traversal     CVE-2023-40494     HTTP_CS-LG-Simple-Editor-Deletefolder-Directory-Traversal     Suspected Compromise

TCP SMB Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Samba-Spotlight-Mdssvc-RPC-Denial-Of-Service     CVE-2023-34966     SMB-TCP_Samba-Spotlight-Mdssvc-RPC-Denial-Of-Service     Suspected Compromise

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Microsoft-Exchange-PowerShell-Remoting-Dumpdatareader-Insecure-Deserialization     CVE-2023-36744     File-TextId_Microsoft-Exchange-PowerShell-Remoting-Dumpdatareader-Insecure-Deserialization     Suspected Compromise

Updated detected attacks:

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Microsoft-Remote-Desktop-Insecure-Library-Loading-CVE-2011-0029     CVE-2011-0029     HTTP_CSU-Microsoft-Office-Insecure-Library-Loading     Suspected Compromise
Description has changed
Category tag group MS2011-03 added
High     HP-Intelligent-Management-Center-Reporting-Information-Disclosure     No CVE/CAN     HTTP_CSU-HP-IMC-Uam-Acmservletdownload-Information-Disclosure     Suspected Compromise
Fingerprint regexp changed
High     Web-Oracle-Batch-File-Cmd-Exec     CVE-2000-0169     HTTP_CSU-Remote-Code-Execution-Via-Cgi-Batch-Arguments     Suspected Compromise
Name: HTTP_CSU-Apache-Tomcat-CGIServlet-enableCmdLineArguments-RCE->HTTP_CSU-Remote-Code-Execution-Via-Cgi-Batch-Arguments
Comment has changed
Description has changed
Category tag group CVE2000 added
Fingerprint regexp changed
High     Directory-Traversal     No CVE/CAN     HTTP_CSU-Dot-Dot-Slash-And-Null-Byte-Sequence     Attack Related Anomalies
Detection mechanism updated
Low     IIS-Iisadmpwd-DoS     CVE-2000-0304     HTTP_CSU-IIS-Htr-File-Fragment-Disclosure     Potential Disclosure
Description has changed
Category tag group MS2000 added
Category tag group CVE2000 added

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High Gator No CVE/CAN HTTP_CSH-Gator-User-Agent Spyware, Malware and Adware
Fingerprint regexp changed
High HuntBar No CVE/CAN HTTP_CSH-HuntBar-Download Spyware, Malware and Adware
Fingerprint regexp changed
High Delfin-Media-Viewer No CVE/CAN HTTP_CSH-Delfin-Media-Viewer-g181511-User-Agent Spyware, Malware and Adware
Fingerprint regexp changed
High Delfin-Media-Viewer No CVE/CAN HTTP_CSH-Media-Viewer-StubInstStat-User-Agent Spyware, Malware and Adware
Fingerprint regexp changed
High Delfin-Media-Viewer No CVE/CAN HTTP_CSH-Delfin-Media-Viewer-PromulGate-User-Agent Spyware, Malware and Adware
Fingerprint regexp changed
High Gator No CVE/CAN HTTP_CSH-Gain-Publishing-Installer Spyware, Malware and Adware
Fingerprint regexp changed
High IEPlugin No CVE/CAN HTTP_CSH-IEPlugin Spyware, Malware and Adware
Fingerprint regexp changed
High ABetterInternet No CVE/CAN HTTP_CSH-Transponder Spyware, Malware and Adware
Fingerprint regexp changed
High ISTBar-Internet-Explorer-Toolbar No CVE/CAN HTTP_CSH-ISTBar-Install Spyware, Malware and Adware
Fingerprint regexp changed
High New.Net-Toolbar No CVE/CAN HTTP_CSH-New.Net-Toolbar-Activity Spyware, Malware and Adware
Fingerprint regexp changed
High iMesh-Toolbar No CVE/CAN HTTP_CSH-iMesh-Toolbar-Search Spyware, Malware and Adware
Fingerprint regexp changed
High iMesh-Toolbar No CVE/CAN HTTP_CSH-iMesh-Toolbar-Popup-Content-Request Spyware, Malware and Adware
Fingerprint regexp changed
High RX-Toolbar No CVE/CAN HTTP_CSH-RX-Toolbar-Activity Spyware, Malware and Adware
Fingerprint regexp changed
High Need2Find-Toolbar No CVE/CAN HTTP_CSH-Need2Find-Toolbar-Activity Spyware, Malware and Adware
Fingerprint regexp changed
High Bargain-Buddy No CVE/CAN HTTP_CSH-Bargain-Buddy-Install Spyware, Malware and Adware
Fingerprint regexp changed
High Hotbar No CVE/CAN HTTP_CSH-Hotbar-Weather-Service-Activity Spyware, Malware and Adware
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Transmission-P2P-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-KTorrent-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Opera-BitTorrent-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-BitTornado-P2P-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Enhanced-CTorrent-P2P-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Deluge-P2P-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-FDM-P2P-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-BTSP-P2P-Client Peer to Peer
Fingerprint regexp changed
High SQL-Injection-Attack-Tool No CVE/CAN HTTP_CSH-SQL-Injection-Attack-Tool-Detected Suspected Attack Related Anomalies
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Curl-Tool-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Windows-WebDAV-Access Possibly Unwanted Content
Fingerprint regexp changed
High HTTP-Code-Injection-Attack-Tool No CVE/CAN HTTP_CSH-Mama-Casper-Attack-Tool-Detected Suspected Attack Related Anomalies
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Libwww-Perl-User-Agent Possibly Unwanted Content
Fingerprint regexp changed
High HTTP-Morfeus-Scanner No CVE/CAN HTTP_CSH-Morfeus-Scanner-Usage Probe
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Microsoft-Windows-RSS-Platform-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Debian-Advanced-Packaging-Tool Browsers
Fingerprint regexp changed
High SpyLocked-Application-Usage No CVE/CAN HTTP_CSH-SpyLocked-Application-Usage Spyware, Malware and Adware
Fingerprint regexp changed
Low Nullsoft-Scriptable-Installation-System-Download-Plugin No CVE/CAN HTTP_CSH-Nullsoft-Scriptable-Installation-System-Download-Plugin Possibly Unwanted Content
Fingerprint regexp changed
High HTTP-Code-Injection-Attack-Tool No CVE/CAN HTTP_CSH-TSL-Attack-Tool-Detected Suspected Attack Related Anomalies
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Shareaza-P2P-Client Peer to Peer
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Wget-Tool-Usage Browsers
Fingerprint regexp changed
Low Apache-Httpd-Multiple-Mime-Headers-DoS CVE-1999-1199 HTTP_CSH-Apache-Httpd-Multiple-Mime-Headers-DoS-2 Potential Denial of Service
Fingerprint regexp changed
Low PPStream-P2P-Internet-TV No CVE/CAN HTTP_CSH-PPStream-Client-Usage Streaming Protocols
Fingerprint regexp changed
High HTTP-ZmEu-Scanner No CVE/CAN HTTP_CSH-ZmEu-Scanner-Usage Probe
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-MSNBot-Media-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Googlebot-Image-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-MSNBot-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Googlebot-Mediapartners-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Ubuntu-Advanced-Packaging-Tool Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Internet-Explorer-Browser-Plugin-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Searchme-Charlotte-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Baiduspider-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-DotBot-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Yandex-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Microsoft-Windows-Update-Agent-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-BigBrother-User-Agent Browsers
Fingerprint regexp changed
Low Gnutella-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-P2P-Phex-Client Peer to Peer
Fingerprint regexp changed
High HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Joomla-JCE-Vulnerability-Crawler Suspected Probe
Fingerprint regexp changed
Low SoulSeek-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-P2P-SoulSeek-Client Peer to Peer
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Sapphire-Web-Spider Known Crawlers
Fingerprint regexp changed
Low MSN-Messenger-Usage No CVE/CAN HTTP_CSH-MSN-Live-Messenger-Over-HTTP Instant Messaging
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Jyxobot-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-TurnitinBot-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-HTTrack-Tool-Usage Known Crawlers
Fingerprint regexp changed
Low Valve-Steam-Usage No CVE/CAN HTTP_CSH-Valve-Steam-Usage Online Gaming Protocols
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-P2P-uTorrent-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-BitComet-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Azureus-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-BitTorrent-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Deluge-Client Peer to Peer
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-rtorrent-Client Peer to Peer
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-8.1 Browser Platforms
Fingerprint regexp changed
Low BitTorrent-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Blizzard-Downloader-Usage Online Gaming Protocols
Fingerprint regexp changed
Low Blizzard-World-Of-Warcraft-Usage No CVE/CAN HTTP_CSH-Blizzard-World-Of-Warcraft-Usage Online Gaming Protocols
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-8 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7.8 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7.5 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone-7 Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Windows-Phone Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-Android Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-GlobalSpec-Ocelli-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Stonesoft-SMC-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Generic-Java-Application Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-iPad Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Browser-User-Agent-iPhone Browser Platforms
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Lynx-Browser-Usage Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-NewsGator-NetNewsWire-Usage Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Swish-e-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Picsearch-psbot-Web-Spider Known Crawlers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-Entireweb-Speedy-Web-Spider Known Crawlers
Fingerprint regexp changed
Low Grendel-Scan-Vulnerability-Scanner-Usage No CVE/CAN HTTP_CSH-Grendel-Scan-Vulnerability-Scanner-Usage Potential Probe
Fingerprint regexp changed
Low Limewire-Peer-To-Peer-Network-Usage No CVE/CAN HTTP_CSH-Limewire-User-Agent Peer to Peer
Fingerprint regexp changed
High Digmine-Cryptocurrency-Miner No CVE/CAN HTTP_CSH-Digmine-Cryptocurrency-Miner Botnet
Fingerprint regexp changed
High ISR-Stealer-C2-Traffic No CVE/CAN HTTP_CSH-ISR-Stealer-C2-Traffic Botnet
Fingerprint regexp changed
Low AutoIt-Compiled-Program-Traffic No CVE/CAN HTTP_CRH-AutoIt-Compiled-Program-Traffic Possibly Unwanted Content
Fingerprint regexp changed
High Suspicious-User-Agent-WinHTTP-Loader No CVE/CAN HTTP_CSH-Suspicious-User-Agent-WinHTTP-Loader Suspected Compromise
Fingerprint regexp changed
High Fuzz-Faster-U-Fool-Activity No CVE/CAN HTTP_CRH-Fuzz-Faster-U-Fool-Activity Attack Related Anomalies
Fingerprint regexp changed
High Exorcist-C2-Traffic No CVE/CAN HTTP_CRH-Exorcist-C2-Traffic Suspected Compromise
Fingerprint regexp changed
High Bazar-Loader-Backdoor-Malware-Infection-Traffic No CVE/CAN HTTP_CSH-Bazar-Loader-Backdoor-Malware-Infection-Traffic Suspected Botnet
Fingerprint regexp changed
High D-Link-Backdoor-CVE-2013-6026 CVE-2013-6026 HTTP_CSH-D-Link-Backdoor-CVE-2013-6026 Suspected Compromise
Fingerprint regexp changed
High Zeppelin-Ransomware-Infection-Traffic No CVE/CAN HTTP_CSH-Zeppelin-Ransomware-Infection-Traffic Botnet
Fingerprint regexp changed
High Pyxie-RAT-Infection-Traffic No CVE/CAN HTTP_CSH-Pyxie-RAT-Infection-Traffic Suspected Botnet
Fingerprint regexp changed
High FortiOS-Authentication-Bypass-CVE-2022-40684 CVE-2022-40684 HTTP_CSH-FortiOS-Authentication-Bypass-CVE-2022-40684 Suspected Compromise
Fingerprint regexp changed
High Microsoft-Windows-DLL-Hijack-Vulnerability No CVE/CAN HTTP_CSH-Microsoft-Windows-DLL-Hijack-Vulnerability Potential Compromise
Fingerprint regexp changed
High Adload-Command-And-Control-Traffic No CVE/CAN HTTP_CSH-Adload-Command-And-Control-Traffic Suspected Botnet
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-User-Agent-Microsoft-Symbol-Server Browsers
Fingerprint regexp changed
Low HTTP-Browser-Usage No CVE/CAN HTTP_CSH-User-Agent-VCSoapClient Browsers
Fingerprint regexp changed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     NagiosQL-Txtsearch-Parameter-Cross-Site-Scripting     CVE-2013-6039     HTTP_CRL-NagiosQL-Txtsearch-Parameter-Cross-Site-Scripting     Suspected Compromise
Fingerprint regexp changed
High     Moodle-Teacher-Enrollment-Privilege-Escalation-To-RCE     CVE-2020-14321     HTTP_CRL-Moodle-Teacher-Enrollment-Privilege-Escalation-To-RCE     Suspected Compromise
Fingerprint regexp changed
High     Keysight-N6854a-And-N6841a-RF-Sensor-smsRestoreDatabaseZip-SQL-Injection     CVE-2022-38130     HTTP_CRL-Keysight-N6854a-And-N6841a-RF-Sensor-smsRestoreDatabaseZip-SQL-Injection     Suspected Compromise
Fingerprint regexp changed
High     Delta-Industrial-Automation-Diaenergie-CVE-2022-41133-SQL-Injection     CVE-2022-41133     HTTP_CRL-Delta-Industrial-Automation-Diaenergie-CVE-2022-41133-SQL-Injection     Suspected Compromise
Fingerprint regexp changed
High     Papercut-Improper-Access-Control-Vulnerability-CVE-2023-27351     CVE-2023-27351     HTTP_CRL-Papercut-Improper-Access-Control-Vulnerability-CVE-2023-27351     Suspected Compromise
Fingerprint regexp changed

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Microsoft-Exchange-Unsafe-Deserialization-CVE-2022-41082     CVE-2022-41082     File-TextId_Microsoft-Exchange-Unsafe-Deserialization     Suspected Compromise
Detection mechanism updated

LIST OF OTHER CHANGES:

New objects:

Type     Name
Situation     HTTP_PSU-Shared-Variables

Updated objects:

Type     Name     Changes
IPListRwanda
IPListSomalia
IPListYemen
IPListIraq
IPListSaudi Arabia
IPListIran
IPListCyprus
IPListTanzania
IPListSyria
IPListArmenia
IPListKenya
IPListDR Congo
IPListDjibouti
IPListUganda
IPListCentral African Republic
IPListSeychelles
IPListJordan
IPListLebanon
IPListKuwait
IPListOman
IPListQatar
IPListBahrain
IPListUnited Arab Emirates
IPListIsrael
IPListTurkey
IPListEthiopia
IPListEritrea
IPListEgypt
IPListSudan
IPListGreece
IPListBurundi
IPListEstonia
IPListLatvia
IPListAzerbaijan
IPListLithuania
IPListGeorgia
IPListMoldova
IPListBelarus
IPListFinland
IPListÅland Islands
IPListUkraine
IPListNorth Macedonia
IPListHungary
IPListBulgaria
IPListAlbania
IPListPoland
IPListRomania
IPListZimbabwe
IPListZambia
IPListComoros
IPListMalawi
IPListLesotho
IPListBotswana
IPListMauritius
IPListEswatini
IPListRéunion
IPListSouth Africa
IPListMayotte
IPListMozambique
IPListMadagascar
IPListAfghanistan
IPListPakistan
IPListBangladesh
IPListTurkmenistan
IPListTajikistan
IPListSri Lanka
IPListBhutan
IPListIndia
IPListMaldives
IPListBritish Indian Ocean Territory
IPListNepal
IPListMyanmar
IPListUzbekistan
IPListKazakhstan
IPListKyrgyzstan
IPListPalau
IPListVietnam
IPListThailand
IPListIndonesia
IPListLaos
IPListTaiwan
IPListPhilippines
IPListMalaysia
IPListChina
IPListHong Kong
IPListBrunei
IPListMacao
IPListCambodia
IPListSouth Korea
IPListJapan
IPListNorth Korea
IPListSingapore
IPListCook Islands
IPListTimor-Leste
IPListRussia
IPListMongolia
IPListAustralia
IPListMarshall Islands
IPListFederated States of Micronesia
IPListPapua New Guinea
IPListSolomon Islands
IPListTuvalu
IPListNauru
IPListVanuatu
IPListNew Caledonia
IPListNorfolk Island
IPListNew Zealand
IPListFiji
IPListLibya
IPListCameroon
IPListSenegal
IPListCongo Republic
IPListPortugal
IPListLiberia
IPListIvory Coast
IPListGhana
IPListEquatorial Guinea
IPListNigeria
IPListBurkina Faso
IPListTogo
IPListGuinea-Bissau
IPListMauritania
IPListBenin
IPListGabon
IPListSierra Leone
IPListSão Tomé and Príncipe
IPListGibraltar
IPListGambia
IPListGuinea
IPListChad
IPListNiger
IPListMali
IPListTunisia
IPListSpain
IPListMorocco
IPListMalta
IPListAlgeria
IPListFaroe Islands
IPListDenmark
IPListIceland
IPListUnited Kingdom
IPListSwitzerland
IPListSweden
IPListNetherlands
IPListAustria
IPListBelgium
IPListGermany
IPListLuxembourg
IPListIreland
IPListMonaco
IPListFrance
IPListAndorra
IPListLiechtenstein
IPListJersey
IPListIsle of Man
IPListGuernsey
IPListSlovakia
IPListCzechia
IPListNorway
IPListVatican City
IPListSan Marino
IPListItaly
IPListSlovenia
IPListMontenegro
IPListCroatia
IPListBosnia and Herzegovina
IPListAngola
IPListNamibia
IPListBarbados
IPListCabo Verde
IPListGuyana
IPListFrench Guiana
IPListSuriname
IPListSaint Pierre and Miquelon
IPListGreenland
IPListParaguay
IPListUruguay
IPListBrazil
IPListFalkland Islands
IPListJamaica
IPListDominican Republic
IPListCuba
IPListMartinique
IPListBahamas
IPListBermuda
IPListAnguilla
IPListTrinidad and Tobago
IPListSt Kitts and Nevis
IPListDominica
IPListAntigua and Barbuda
IPListSaint Lucia
IPListTurks and Caicos Islands
IPListAruba
IPListBritish Virgin Islands
IPListSt Vincent and Grenadines
IPListMontserrat
IPListSaint Martin
IPListSaint Barthélemy
IPListGuadeloupe
IPListGrenada
IPListCayman Islands
IPListBelize
IPListEl Salvador
IPListGuatemala
IPListHonduras
IPListNicaragua
IPListCosta Rica
IPListVenezuela
IPListEcuador
IPListColombia
IPListPanama
IPListHaiti
IPListArgentina
IPListChile
IPListBolivia
IPListPeru
IPListMexico
IPListFrench Polynesia
IPListKiribati
IPListTokelau
IPListTonga
IPListWallis and Futuna
IPListSamoa
IPListNiue
IPListNorthern Mariana Islands
IPListGuam
IPListPuerto Rico
IPListU.S. Virgin Islands
IPListAmerican Samoa
IPListCanada
IPListUnited States
IPListPalestine
IPListSerbia
IPListAntarctica
IPListSint Maarten
IPListCuraçao
IPListBonaire, Sint Eustatius, and Saba
IPListSouth Sudan
IPListTOR exit nodes IP Address List
IPListAmazon AMAZON
IPListAmazon EC2
IPListTOR relay nodes IP Address List
IPListAmazon AMAZON il-central-1
IPListAmazon EC2 il-central-1
IPListBotnet IP Address List
IPListMalicious Site IP Address List
IPListNordVPN Servers IP Address List
IPListAmazon AMAZON eu-central-1
IPListAmazon AMAZON us-east-1
IPListAmazon AMAZON us-east-2
SituationHTTP_CSU-Anaconda-File-Disclosure
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Unix removed
Category tag hardware Any Hardware removed
Category tag application Anaconda Foundation Directory removed
Category tag group CVE2000 removed
Category tag os_not_specific Unix not specific removed
Category tag situation Disclosure removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSU-Carey-Internet-Services-Commerce-Dir-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Unix removed
Category tag hardware Any Hardware removed
Category tag application Carey Internet Services commerce.cgi removed
Category tag group CVE2001 removed
Category tag os_not_specific Unix not specific removed
Category tag situation Disclosure removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSU-HP-Intelligent-Management-Center-Reporting-Information-Disclosure
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag application HP Intelligent Management Center removed
Category tag os_not_specific Any Operating System not specific removed
Category tag application_not_specific HP Intelligent Management Center not specific removed
Category tag situation Suspected Disclosure removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSU-IIS-Iisadmpwd
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application IIS 5.0 removed
Category tag application IIS 4.0 removed
Category tag group MS2000 removed
Category tag group CVE2000 removed
Category tag os_not_specific Windows not specific removed
Category tag situation Potential Denial of Service removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSU-Microsoft-Remote-Desktop-Insecure-Library-Loading-CVE-2010-0029
Description has changed
Attacker: connection_destination->none
Victim: connection_source->none
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag application Microsoft Remote Desktop Client removed
Category tag group MS2011-03 removed
Category tag group CVE2011 removed
Category tag os_not_specific Windows not specific removed
Category tag situation Suspected Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group HTTP URI Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSU-Microsoft-Windows-Wab32res.dll-Insecure-Library-Loading
Description has changed
Attacker: connection_destination->none
Victim: connection_source->none
Category tag situation Obsolete added
Category tag os Windows removed
Category tag hardware Any Hardware removed
Category tag group MS2011-11 removed
Category tag group CVE2011 removed
Category tag os_not_specific Windows not specific removed
Category tag situation Suspected Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group HTTP URI Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSU-Oracle-Batch-File-Cmd-Exec-Attempt
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Windows NT 4.0 removed
Category tag hardware Any Hardware removed
Category tag application Oracle Web Listener removed
Category tag group CVE2000 removed
Category tag os_not_specific Windows NT 4.0 not specific removed
Category tag situation Potential Compromise removed
Category tag group HTTP Correlation Dependency Group removed
Category tag group TCP Correlation Dependency Group removed
Category tag group HTTP URI Correlation Dependency Group removed
Category tag group Severity over 4 Correlation Dependency Group removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSU-Shared-Variables
SituationHTTP_CSH-Apple-Aperture-Usage
Fingerprint regexp changed
SituationHTTP_CSH-RubyGems-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Shared-Variables
Fingerprint regexp changed
SituationHTTP_CSH-Microsoft-CryptoAPI-Usage
Fingerprint regexp changed
SituationHTTP_CSH-HS.fi-iPhone-Application-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Apple-iPhone-Maps-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Apple-Core-Media-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Apple-iTunes-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Apple-Publication-Subscription-Service-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Apple-iPhoto-8.0-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Clamav-Update-Agent-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Microsoft-BITS-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Apple-Software-Update-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Sun-Java-Update-Agent
Fingerprint regexp changed
SituationHTTP_CS-Shared-Variables-For-Client-Stream-Context
Fingerprint regexp changed
SituationSMB-TCP_Shared-Variable-Fingerprint
Fingerprint regexp changed
SituationHTTP_CSU-URI-Directory-Traversal
Description has changed
Attacker: connection_source->none
Victim: connection_destination->none
Category tag situation Obsolete added
Category tag os Any Operating System removed
Category tag hardware Any Hardware removed
Category tag group CVE2008 removed
Category tag group CVE2011 removed
Category tag group CVE2012 removed
Category tag group CVE2014 removed
Category tag group CVE2019 removed
Category tag os_not_specific Any Operating System not specific removed
Category tag situation Potential Disclosure removed
Category tag group TCP Client Traffic removed
SituationHTTP_CSH-F-Prot-Anti-Virus-Update-Agent-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Apple-iPhoto-8.1-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Subversion-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Windows-Media-Player-Usage
Fingerprint regexp changed
SituationHTTP_CSH-Adobe-Flash-Player-Usage
Fingerprint regexp changed
SituationHTTP_CSH-FreeBSD-Portscout-Usage
Fingerprint regexp changed
ApplicationGoogle-Talk
ApplicationYLE-Areena
ApplicationPlex
Application detection context content changed
ApplicationAdobe-Updater
ApplicationNetflix
Application detection context content changed
ApplicationSkype
Application detection context content changed
ApplicationExchange-RPC-Over-HTTP
ApplicationApple-iCloud
ApplicationSophos-Update-Service
ApplicationMicrosoft-Sharepoint
ApplicationApple-Siri
ApplicationRssReader
ApplicationApple-Mac-App-Store
ApplicationYLE-Lapset
ApplicationTheCodingMonkeys-Carcassonne
ApplicationApple-Game-Center
ApplicationRovio-Angry-Birds
ApplicationMicrosoft-Xbox-Live
Application detection context content changed
ApplicationApple-iOS-Stocks
ApplicationPikPok-Flick-Kick-Football
ApplicationEpic-Games-Infinity-Blade
ApplicationInstagram
ApplicationApple-PhotoStream
Application detection context content changed
ApplicationMojang-Minecraft-Java
ApplicationTalesRunner
ApplicationNetop-OnDemand
ApplicationMcAfee-Update-Service
ApplicationMcAfee-SiteAdvisor
ApplicationGoogle-Android-Dalvik
ApplicationEpic-Games-Infinity-Blade-2
ApplicationSpotFlux-VPN
Application detection context content changed
ApplicationWickr
ApplicationMicrosoft-Office-365
ApplicationTrend-Micro-VCS
ApplicationMcAfee-ePO-Agent
ApplicationF-Secure-Management-Server
ApplicationTrend-Micro-OfficeScan-Management
ApplicationEndNote
ApplicationSonera-Viihde
ApplicationWeChat
ApplicationSpamAssasin-Update-Service
ApplicationTOR
ApplicationNordVPN
ApplicationSpotify
Application detection context content changed

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.