One of the MacBooks in my office detected ms.vista.smbv2.signing. The target is my anti-virus server.
The following intrusion was observed: MS.Vista.SMBv2.Signing.Insecurity.
date=2017-06-13 time=16:53:25 devname=GV_TIER2_FW01 devid=FGT3HD393 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd=root severity=high srcip=10.200.90.142 srccountry="Reserved" dstip=10.199.99.XX srcintf="port3" dstintf="port2" policyid=7 sessionid=537066819 action=dropped proto=6 service="SMB" attack="MS.Vista.SMBv2.Signing.Insecurity" srcport=57646 dstport=445 direction=outgoing attackid=15191 profile="high_security"
http://fortiguard.com/encyclopedia/ips/15191
Can this be considered a false positive, since the client is a MacBook instead of a Windows Vista machine?
Hello kinmun,
Yes, it is a false positive. The IPS team has fixed the signature. Can you update to IPS definition 11.159 or above to get the updated signature? Sorry for the inconvenience caused. Thanks!
HoMing
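
The following is an added example, not part of the original thread and not Fortinet code: a way to triage hits of this signature from exported key=value logs and to check an IPS definition version against the fixed one named in the reply. The sample lines are constructed from the log in the question, and the installed version string is assumed to be supplied by the operator.

```python
import re
from collections import Counter

# Matches key=value and key="quoted value" pairs as they appear in the log above.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

ATTACK_ID = "15191"      # attackid of MS.Vista.SMBv2.Signing.Insecurity in the question
FIXED_IPS_DB = "11.159"  # IPS definition version named in the reply

def parse_log(line):
    """Return the fields of one key=value log line as a dict."""
    return {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}

def version_tuple(version):
    """'11.00159' and '11.159' both become (11, 159)."""
    return tuple(int(part) for part in version.split("."))

def has_fixed_signature(installed):
    """True if the installed IPS definitions are at or above the fixed version."""
    return version_tuple(installed) >= version_tuple(FIXED_IPS_DB)

def summarize_hits(lines, attack_id=ATTACK_ID):
    """Count hits of one IPS signature per (srcip, dstip, dstport, action)."""
    hits = Counter()
    for line in lines:
        f = parse_log(line)
        if f.get("subtype") == "ips" and f.get("attackid") == attack_id:
            hits[(f["srcip"], f["dstip"], f["dstport"], f["action"])] += 1
    return hits

# Constructed sample input, modeled on the log line in the question.
SAMPLE = [
    'date=2017-06-13 time=16:53:25 type=utm subtype=ips srcip=10.200.90.142 '
    'srccountry="Reserved" dstip=10.199.99.XX action=dropped service="SMB" '
    'attack="MS.Vista.SMBv2.Signing.Insecurity" dstport=445 attackid=15191',
    'date=2017-06-13 time=16:54:02 type=utm subtype=ips srcip=10.200.90.142 '
    'srccountry="Reserved" dstip=10.199.99.XX action=dropped service="SMB" '
    'attack="MS.Vista.SMBv2.Signing.Insecurity" dstport=445 attackid=15191',
    # Constructed unrelated event; the attack name and id are placeholders.
    'date=2017-06-13 time=16:55:10 type=utm subtype=ips srcip=10.200.90.7 '
    'dstip=10.199.99.XX action=detected attack="Placeholder.Signature" '
    'dstport=80 attackid=99999',
]

if __name__ == "__main__":
    for key, count in summarize_hits(SAMPLE).items():
        print(count, key)
    print("fixed signature installed:", has_fixed_signature("11.00158"))
```

Hits that continue from the same hosts after the definitions are at or above the fixed version are the ones worth a closer look.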