[Snort-users] Windows Trojan False Positives

Jason Boyer jason at ...418...
Wed Apr 18 11:58:19 EDT 2001


    Noticed a huge amount of false positives regarding a ton of the
windows trojan rulesets. Seems the mirroring I due off of valinux trips
almost all the windows trojans. Is there anything I can do to the rules
to trim the alerts down?

BTW its Snort 1.7 with a Arachnids based ruleset.

Cheers,
Jason





More information about the Snort-users mailing list