alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO McAfee? AV Download - Set"; flow:established,to_server; content:"GET"; http_method; content:"McHttpH"; http_user_agent; fast_pattern; content:"download.mcafee.com"; http_host; flowbits:set,ET.Mcafee.Site.Download; flowbits:noalert; metadata: former_category INFO; classtype:not-suspicious; sid:2027945; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, deployment Perimeter, signature_severity Informational, created_at 2019_09_05, performance_impact Moderate, updated_at 2019_09_05;)

Added 2019-09-05 19:11:52 UTC


Topic revision: r1 - 2019-09-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats