Not sure if it helps but ours is set like this and it works.     ... View more

What device do you have?   ... View more

Yeah, it says "null" after you apply it but it does work. ... View more

You are correct. Patching does not prevent false positives and the blocking of traffic. ... View more

This isn't a solution. Patching endpoints does not prevent the offending traffic and it doesn't prevent it from being blocked.   You cannot currently fix the problem without either disabling IDS or by creating a rule. ... View more

The patch only applies to servers. It won't prevent Meraki traffic being blocked from "endpoints that are leveraging TLS 1.2", as Microsoft put it.   I think we need to wait for Microsoft to close out the incident - MO411804. They're "engaging with their firewall partners" so presumably the snork rule will be corrected at some point. ... View more

Is there a patch for Windows 10? The Microsoft CVE only refers to Windows Server operating systems. ... View more

Hi. Here you go...   https://community.meraki.com/t5/Security-SD-WAN/IPS-Snort-Microsoft-Windows-IIS-denial-of-service-attempt-False/m-p/156658/highlight/true#M39336 ... View more

If you have an MX100 then go to "Security & SD WAN" then "threat protection". Under "Intrusion detection and prevention", add a rule and search for "1:60381". Save changes.   You should read the Microsoft CVE and snort rule before doing this, so you can determine whether your environment is actually vulnerable to this exploit.   https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2022-35748 https://snort.org/rule_docs/1-60381 ... View more

We've added an allow rule on our MX100s for this particular type of traffic. It's on the list of rules as "1:60381". This has resolved the problem. We need more information from Microsoft on the potential ongoing threat/mitigation. ... View more

How do you know it's a false-positive? ... View more

Haven't tried that but we're seeing thousands of dropped events on our MX100s, which could potentially indicate some kind of attack. So we don't want to disable any security related features. ... View more

We have the same issue. It's affecting all VPN and on-site users. I've logged a ticket with Meraki but haven't had a response yet. ... View more