SonicWALL Alert - Anti-Spyware Alert for False Positives Feb 22nd 2017
Sonicwall Anti-Spyware signatures were pushed out on February 22nd, leading to a number of legitimate sites being blocked. The following block was observed.
The IPS Team has confirmed that this is a false positive and will be corrected as soon as possible.
The Anti-Spyware signature: Obfuscated-File JS.OT.2 (Exploit) is considered a Low danger level on the SonicWall. We are actively working to correct this signature as soon as possible. In the meantime, perform the following steps to allow users to access legitimate websites that the signature may be blocking:
- Login to the SonicWall appliance and click Security Services | Anti-Spyware.
- Use the View Style drop down menu and select "O" (the first letter of the signature in question).
3. Configure the Obfuscated-File JS.OT.2 (Exploit) and Disable the Prevention section of the signature.