pfsense:suricata:alerts:et_policy_pe_exe_or_dll_windows_file_download_http
PFSense - Suricata - Alerts - ET POLICY PE EXE or DLL Windows file download HTTP
The ET POLICY part of the alert is telling you that it's a Policy rule:
NOTE: It is not an attack, it's just something which might violate a corporate policy.
This particular alert is just telling you that someone has downloaded a Windows executable file or DLL over HTTP.
In most cases this is just noise, unless you've prohibited downloading of executable files in your environment.
Suppress
#ET POLICY PE EXE or DLL Windows file download HTTP suppress gen_id 1, sig_id 2018959
pfsense/suricata/alerts/et_policy_pe_exe_or_dll_windows_file_download_http.txt · Last modified: 2021/01/15 00:33 by peter