BugZero | WatchGuard Technologies BugID kA10H000000bofFSAQ - IPS rule 1136944 incorrectly denies RDP traffic ov...

WatchGuard Technologies - Defect ID: kA10H000000bofFSAQ

IPS rule 1136944 incorrectly denies RDP traffic over VPN

WatchGuard Technologies - Defect ID: kA10H000000bofFSAQ

IPS rule 1136944 incorrectly denies RDP traffic over VPN

Last updated on 6/4/2020

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

Priority: Unspecified
Status: Resolved
Article View Count: 297

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

Priority: Unspecified
Status: Resolved
Article View Count: 297

Issue

In version 4.1048 of the Application Control/IPS signatures, IPS rule 1136944 causes a false positive which denies RDP traffic over a VPN tunnel. A message similar to this appears in the traffic logs: 2020-06-03 08:09:00 Deny rdp/tcp 56437 3389 3-WiFi 1-Trusted IPS detected 85 127 proc_id="firewall" rc="301" msg_id="3000-0150" tcp_info="offset 5 A 1682617796 win 1" signature_name="RDP Microsoft Remote Desktop Services Remote Code Execution Vul" signature_cat="Buffer Over Flow" signature_id="1136944" severity="3" Traffic

Workaround/Solution

Install version 4.1052 of the IPS signatures: If you have automatic signature updates enabled, version 4.1052 will install automatically.If you do not have automatic signature updates enabled, update IPS signatures manually. For more information, see Subscription Services Status and Manual Signatures Updates in Fireware Help. After version 4.1052 is installed, reboot the Firebox.

Original Vendor Announcement

Defect ID: kA1Vr0000009xvJKAQ
WatchGuard Endpoint Security firewall protection's automatic network location is incorrect when using IKEV2 VPN adapters
Defect ID: kA1Vr0000007LVxKAM
WatchGuard Endpoint Security network infrastructure causes Windows BSOD crashes in driver NNSHTTP when browsing pages
Defect ID: kA1Vr0000009AkvKAE
WatchGuard Endpoint Security performance issues and computers erroneously identified as "Unmanaged" with Endpoint Access Enforcement
Defect ID: kA1Vr000000B2JRKA0
Endpoint Security Web Access Control fails to block sites
Defect ID: kA1Vr0000009AhhKAE
WatchGuard Enpoint Security shows Trojan/RansomDecoy.A detections as 'Ignored' in the Threats Detected by the Antivirus tile

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

WatchGuard Technologies - Defect ID: kA10H000000bofFSAQ

IPS rule 1136944 incorrectly denies RDP traffic over VPN

WatchGuard Technologies - Defect ID: kA10H000000bofFSAQ

IPS rule 1136944 incorrectly denies RDP traffic over VPN

Last updated on 6/4/2020

Vendor details

Vendor details

Description

Issue

Workaround/Solution

Links

Top WatchGuard defects by risk score

Ready to prevent the next vendor outage?