pfsense:suricata:alerts:et_policy_pe_exe_or_dll_windows_file_download_http
This is an old revision of the document!
PFSense - Suricata - Alerts - ET POLICY PE EXE or DLL Windows file download HTTP
The ET POLICY part of the alert is telling you that it's a Policy rule:
- It is not an attack per se, it's just something which might violate a corporate policy.
This particular alert is just telling you that someone has downloaded a Windows executable file or DLL over HTTP.
In most cases this is just noise, unless you've prohibited downloading of executable files in your environment.
Suppress
#ET POLICY PE EXE or DLL Windows file download HTTP suppress gen_id 1, sig_id 2018959
pfsense/suricata/alerts/et_policy_pe_exe_or_dll_windows_file_download_http.1610644017.txt.gz · Last modified: 2021/01/14 17:06 by peter