User Tools

Site Tools


pfsense:suricata:alerts:et_policy_pe_exe_or_dll_windows_file_download_http

PFSense - Suricata - Alerts - ET POLICY PE EXE or DLL Windows file download HTTP

The ET POLICY part of the alert is telling you that it's a Policy rule:

NOTE: It is not an attack, it's just something which might violate a corporate policy.

This particular alert is just telling you that someone has downloaded a Windows executable file or DLL over HTTP.

In most cases this is just noise, unless you've prohibited downloading of executable files in your environment.


Suppress

#ET POLICY PE EXE or DLL Windows file download HTTP
suppress gen_id 1, sig_id 2018959
pfsense/suricata/alerts/et_policy_pe_exe_or_dll_windows_file_download_http.txt · Last modified: 2021/01/15 00:33 by peter

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki