Trellix Intrusion Prevention System (IPS) versions prior to version 11.1 Minor 5 may experience an issue with the Signature Sub Identifier (SSID) table overflow triggering false-positives.
The following versions and earlier versions are affected:
-
Certification releases:
IPS Manager - version 10.1.19.56 and earlier
-
Non-Certification releases:
IPS Manager - version 11.1.7.71 and earlier
What action is required?
Ensure that you are running the IPS Manager 11.1 M5 release or later. If you are running an older version, please upgrade to the latest available version. For more information on the upgrade process, see the Trellix IPS Upgrade Overview.
For more information, see Knowledge Base article Known Issue: Following an IPS Signature update, there is an increase in false positives.