Jump to content
Mithrow

False Positives on Java Protection Options

Recommended Posts

I am working on the finishing touches of our policy and have been going down the Administration guide for each single option in the Advanced Ant-Exploit Settings. I know that most users use or have java "Ugh" on their systems. My question is regarding the Java Protection options,

Do the below options have a high false positive history, if not is there anything I need to be aware of that they might interfere with on the clients?

•  Java Malicious Inbound Shell Protection is designed to detect and prevent remote shell exploits whose
payloads rely on inbound sockets.
•  Java Malicious Outbound Shell Protection is tasked with detection and prevention of remote shell exploits
whose payloads rely on outbound sockets.
•  Java Metasploit/Meterpreter Generic Protection is designed to generically detect and prevent attempts to use
the Metasploit Java/Meterpreter payload.
•  Java Metasploit/Meterpreter Command Execution Protection is tasked with detecting and blocking commands
in an established Java/Meterpreter session.

 

Running Management Console on Windows Server 2008 R2

Clients connect via VPN Secure Client, using windows 7, 8, 10.

Some clients in office, not using VPN.

Any tips or tricks on this would be greatly appreciated, I am completely re-engineering my company's systems and network security after the IT vendor failed on every level to do so; while charging an arm and a leg for the failed service "Before I was hired".

Share this post


Link to post
Share on other sites

The Metasploit/Meterpreter techniques do not have any FPs (at least not that we know of).

The Inbound & Outbound Shell Protection techniques sometimes do have FPs with Java-based Intranet applications. If you are a heavy Java shop, it's advised you test these two techniques in your environment prior to activating them.

Let me know if you have any more questions.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.