diTii.com Digital News Hub



NIS Signatures: Why Are Some Signatures Disabled by Default?

Microsoft explained the reason behind disabling 4 signatures in the NIS Signature set released last month (8.32):

There are three different NIS signature types:

  1. Vulnerability-based signatures will detect most variants of exploits against a given vulnerability.
  2. Exploit-based signatures will detect a specific exploit of a given vulnerability.
  3. Policy-based signatures are generally used for auditing purposes and are developed when neither a vulnerability-based nor an exploit-based signature can be written.

“Whenever possible, we write vulnerability-based or exploit-based signatures. These are accurate signatures which have a very low rate of false positives or false negatives.

However, in some cases we aren’t able to write a vulnerability/exploit signature, so we write a policy-based signature. These are less accurate and can cause some false alarms, so it’s up to the admin to make a conscious decision to enable them despite the risk of false positives.

This is why we make policy-based signatures available in a ‘disabled by default’ mode,” explains Microsoft.

