Network Protection: Firewall, NAT, QoS, & IPS [Sophos Notification] Advisory: Sophos UTM - Latest IPS pattern update triggering SENSITIVE-DATA Rules

UTM Firewall requires membership for participation - click to join

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Sophos Notification] Advisory: Sophos UTM - Latest IPS pattern update triggering SENSITIVE-DATA Rules

FloSupport over 5 years ago

Hi Community,

Sophos is currently investigating customer reports of SENSITIVE-DATA IPS alerts after the latest IPS pattern update.

Traffic containing sensitive data being sent over plain text SMTP, HTTP, FTP-Data, IMAP, or POP3 may be incorrectly blocked by Intrusion Prevention.

The following reasons can be seen:

SENSITIVE-DATA Credit Card Numbers
SENSITIVE-DATA U.S. Social Security Numbers (with dashes)
SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)
SENSITIVE-DATA U.S. Phone Numbers
SENSITIVE-DATA Email Addresses

This article has been published to provide more information and the available workarounds.

Regards,

This thread was automatically locked due to age.

ITSupp over 5 years ago

I think I am affected by this issue. Since the morning, my email traffic having issue in sending and receiving between the mail server and mail scanner, where Sophos UTM in between.

25 minutes ago (now 3:40pm NZ time), I saw in the Up2Date log, there was "ipsbundle2" installed and all mail traffic back to normal.
Cancel
Vote Up 0 Vote Down

Cancel
FloSupport over 5 years ago
Update 5-30-2019
Sophos has rolled back the IPSBundle to the previous pattern (IPSBundle 9.199). The fixed pattern version is 9-201.
Users should verify that their UTM has updated to this new pattern.

To verify that the UTM has the correct ipsbundle2 version:

rpm -qa | grep ipsbundle2
u2d-ipsbundle2-9-201
Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel