MX Security report does not make sense

Solved
JED2021
Getting noticed


We have macOS clients using Google Chrome flagged for

BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected

The destination IP addresses are always within the Google ARIN.NET CIDR blocks.

Can anyone shine some light?

1 Accepted Solution
AlexP
Meraki Employee

Most signatures in Snort rely solely on the contents/structure of a seen packet's application-layer data to generate an alert, so client OS type isn't going to dictate whether or not it's alerted. If you're seeing this on MacOS, and on an unrelated browser, you can likely just write it off.
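As an added illustration of the point in the accepted answer (not code from Meraki, Snort or any poster in this thread): a content-only match fires identically for every client, so triage comes down to whether the software the rule targets is present on the client. The signature pattern, hostnames and inventory below are constructed, and the category-to-software map is an assumption made for the example.

```python
import re

# Constructed stand-in for a content signature. The pattern is a harmless
# made-up marker, NOT the real rule behind the alert in this thread.
SIGNATURE = {
    "msg": "BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt",
    "content": re.compile(rb"EXAMPLE-CSS-MARKER"),
}

# Assumed mapping: rule category prefix -> client software the rule targets.
CATEGORY_TARGET = {
    "BROWSER-IE": "internet explorer",
    "BROWSER-CHROME": "chrome",
    "BROWSER-FIREFOX": "firefox",
}

def inspect(payload: bytes):
    """Content-only match: the engine sees bytes, not the client's OS or browser."""
    return SIGNATURE["msg"] if SIGNATURE["content"].search(payload) else None

def triage(alert_msg: str, client: dict) -> str:
    """Compare the rule's target software with what the client actually runs."""
    category = alert_msg.split(" ", 1)[0]
    target = CATEGORY_TARGET.get(category)
    if target is None:
        return "review"          # unknown category: a person has to look
    browsers = {b.lower() for b in client["browsers"]}
    if target in browsers:
        return "investigate"     # targeted software is present on the client
    return "likely-benign"       # targeted software is absent from the client

# Constructed sample data: the same response body delivered to two clients.
BODY = b"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\n\r\nbody{} /* EXAMPLE-CSS-MARKER */"
CLIENTS = [
    {"host": "mac-01", "os": "macOS", "browsers": ["Chrome"]},
    {"host": "win-07", "os": "Windows", "browsers": ["Internet Explorer", "Chrome"]},
]

def run() -> dict:
    results = {}
    for client in CLIENTS:
        msg = inspect(BODY)      # the alert fires for both clients
        results[client["host"]] = triage(msg, client) if msg else "no-alert"
    return results

if __name__ == "__main__":
    print(run())
```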

3 Replies
KarstenI
Kind of a big deal

This alert is based on a Snort IPS rule that matches a vulnerability in a browser engine that is used in multiple products. It could be a false positive, but it is probably better to leave it enabled if no user complains.

JED2021
Getting noticed

Will upgrading to MX 16.15 enhance some of these findings?

The jump is from 15 to 16, but I see nothing too relevant in the release notes.
