Hi, I need to know if someone could block the Ares (v. 126.96.36.19930). I have a Fortigate-100A 3.00, bould 0406,070126 and also tryed with a newer version but it wonÂ´t block it.
This is what IÂ´m doing: on the IPS->SIGNATURE->PREDEFINED->with the DROP action, the severity level set HIGH and in PROTOCOL DECODER -> P2P_DECODER -> P2P DIRECT-CONNECT with the DROP action and the severity level set HIGH too.
On the policy profile on the IPS, I also set the severity level to HIGH
I did it just as it says on the Fortinet document:
If someone could block it or if someone has any tip, I would be really thankfull.
last IPS updates fixed the problem (version >= 2.402)
You have 3 signatures:
" Ares.Chat.Join" -- detect joining a chat channel
" Ares.Connect.Detection" -- detect connecting network (old " ares" sig)
" Ares.Search.Detection" -- detect searching
Set action to " Drop" and adjust Severity in your protection profile to catch them.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.