MX Security report does not make sense

SOLVED
JED2021
Getting noticed

MX Security report does not make sense

We have MACOS clients using Google Chrome

flagged for

BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected

 

the destination IP Addresses are always within the GOOGLE ARIN.NET. CIDR blocks.

 

Can anyone  shine some light?

 

 

1 ACCEPTED SOLUTION
AlexP
Meraki Employee

Most signatures in Snort rely solely on the contents/structure of a seen packet's application-layer data to generate an alert, so client OS type isn't going to dictate whether or not it's alerted. If you're seeing this on MacOS, and on an unrelated browser, you can likely just write it off.

 

 

View solution in original post

3 REPLIES 3
KarstenI
Kind of a big deal

This alert is based on a snort IPS rule that matches a vulnerability in a browser engine that is used in multiple products. Could be a false positive, but probably better to let it enabled if no user complains.

will  upgrading to to MX 16.15\ enhance some of these findings.

 

The Jump is from 15 to 16 but I see nothing too relevant in the release niotes

AlexP
Meraki Employee

Most signatures in Snort rely solely on the contents/structure of a seen packet's application-layer data to generate an alert, so client OS type isn't going to dictate whether or not it's alerted. If you're seeing this on MacOS, and on an unrelated browser, you can likely just write it off.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels