Download BlackICE 3.6.cpi


The developers at Internet Security Systems have released a new version of BlackICE, designated 3.6.cpi. The update is available in two editions: BlackICE PC Protection and BlackICE Server Protection. The package is a versatile firewall with full intrusion detection. Both incoming and outgoing network traffic is inspected, and if something looks suspicious, the administrator is warned and the connection can be closed. The changelog lists the following changes:

Security Content Improvements in 3.6.cpi:

  • The tuning parameter pam.proxyparse.enabled is now enabled by default.
  • The tuning parameter pam.content.emf.resolution.threshold was reduced by 1 byte to 32766 for Image_EMF_Integer_Overflow.
  • The NFS fragmentation reassembly logic has been updated to not discard duplicate fragments.
  • A potential false positive was removed from HTTP_IIS_ISAPI_Printer_Overflow where the signature would not fire under some fragmentation conditions.
  • The Microsoft Messenger parser now correctly reports Unicode filenames for file transfers.
  • The content length check was removed from HTTP_IE_Help_Overflow to reduce possible false negatives.
  • A false negative was removed from MSRPC_Spoolss_Overflow.
  • A false positive was removed from HTTP_Google_Desktop_Installed where the event would trigger on uninstallation of the Google Desktop software.
  • A false negative was removed from HTTP_Translate_F_SourceRead.
  • A false negative was removed from HTTP_IIS_RSA_WebAgent_BO by adding detection for a version of the attack using the HTTP POST method.
  • A false positive was removed from HTTP_EZShopper_Search.
  • A false positive was removed from HTML_MSHTML_Overflow.
  • A false positive was removed from HTTP_PsaPhp_RevealSource.
  • A false negative was removed from HTTP_ASP_Security_Bypass.
  • False positives were removed from P2P_activity and Gift_download.
  • A false positive was removed from SubSeven_Scan_Response.
  • A false positive was removed from HTML_Null_Char_Evasion.
  • The Yahoo Messenger parser was refactored to eliminate a false positive and a false negative.
  • Additional CLSIDs were added to HTML_IE_ActiveX_Loader_Heap_Corruption.
  • Coverage for an additional exploit vector was added to HTML_Object_Styles_Overflow.
  • The following tuning parameters were added to make their corresponding signatures user-configurable:
    • POP_QPopUser_Overflow – ‘pam.pop.qpopuser.threshold’
    • POP_Fuseware_Overflow – ‘pam.pop.fuseware.threshold’
    • POP_SilentRunner_User_Overflow – ‘pam.pop.silentrunner.pass.threshold’
    • POP_SilentRunner_Pass_Overflow – ‘pam.pop.silentrunner.user.threshold’
    • POP_YPOPs_Overflow – ‘pam.pop.yahoo.threshold’
    • POP_Retr_DoS – ‘pam.pop.retr.threshold’
    • POP_List_Overflow – ‘pam.pop.list.threshold’
    • POP_Fold_Overflow – ‘pam.pop.fold.threshold’
    • UDP_Syslogd_BO – ‘pam.udp.syslog.threshold’

Version number: 3.6.cpi
Operating systems: Windows 9x, Windows NT, Windows 2000, Windows XP, Windows Server 2003
Website: Internet Security Systems
License type: Shareware