Posted by Randymandy on Apr 13, 2018; 8:22am
URL: https://itus.accessinnov.com/Question-IPS-logs-tp1520.html

Hi All,

I have a question about the IPS logs, I have this entry in my log...

780652  [Drop] [**] [1:2102123:7] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 2.16.4.187:80 -> 10.10.10.198:3550

My question is if I didn't have the Shield woudn't my regular router firewall also have dropped this probe/request?
I have a few of these entries, two of them happened overnight while th PC was off.  So there could not have been
a request from my side...

Thanks