Download BlackICE 3.6.cpw
The developers of Internet Security Systems have released a new version of BlackICE with 3.6.cpw as the version designation. This update comes in two flavors viz BlackICE PC Protection and BlackICE Server Protection. The package is a versatile firewall with full intrusion detection. Both the incoming and outgoing network flows are checked and if there is a possible suspicion that something is wrong, the administrator is warned and the connection can be closed. The list of adjustments looks like this:
[break]New Security Content:
| SIP_Invalid_URI | Suspicious activity | Low |
| HTTP_Orion_JSP_SourceRead | Suspicious activity | Low |
| HTTP_MHTML_Redirect | Suspicious activity | Medium |
| Shellcode_Detected | Unauthorized Access Attempt | High |
| HTML_ClassID_Overflow | Unauthorized Access Attempt | High |
| HTTP_AIMExpress | Suspicious activity | Low |
| FTP_Checksum_Cmd_BO | Unauthorized Access Attempt | High |
| HTML_IE_Render_Memory_Corruption | Unauthorized Access Attempt | High |
| SMTP_MailEnable_NTLM_Type1_Overflow | Unauthorized Access Attempt | High |
| SMTP_MailEnable_NTLM_Type3_Overflow | Unauthorized Access Attempt | High |
| EPolicy_Orchestrator_Source_Overflow | Unauthorized Access Attempt | High |
| Sunrpc_BackupProduct_BO | Unauthorized Access Attempt | High |
| Sunrpc_BackupProduct_String_Overflow | Unauthorized Access Attempt | High |
| SIP_Invalid_Invite_Address | Suspicious activity | Low |
| VPN_Hamachi_Client | Suspicious activity | Low |
| Video_Flic_Color_BO | Unauthorized Access Attempt | High |
| Video_Flic_Malformed | Suspicious activity | Low |
| ACF_Mem_Corruption | Unauthorized Access Attempt | High |
| MSRPC_WksSvc_Mgmnt_JoinDom_Bo | Unauthorized Access Attempt | High |
| MSRPC_Netware_Change_Password_BO | Unauthorized Access Attempt | High |
| MSRPC_Netware_Get_User_DoS | Denial of Service | Low |
| DNS_Malformed_Flood | Denial of Service | Medium |
Security Content Improvements:
- Fixed an attacker vs. victim reporting error in SSH_Vulnerable_OpenSSH
- The PAM tuning parameter, pam.email.executable.extension.blacklist, has been changed to report all of the default file extensions on one line in the pam log file.
- Fixed memory leak in the processing of .url files.
- The Compound File parser was optimized to reduce space.
- The Flash file parser was updated to reduce the potential of a false positive in some circumstances.
- Fixed a false positive in Email_HTML_File_URI wherein an IP address in the hostname portion of the URI was incorrectly detected.
- Fixed a false positive for SIP_Long_Via_Host and SIP_Unknown_Via_Parameter that could occur in certain networking-relaying configurations.
- The IRC parser was updated to more closely adhere to RFC 1459.
- The report for URL_file_URI_overflow now displays the correct length value.
- A false positive was corrected in HTTP_DotDotDot that occurred when using carefully constructed URLs.
- False positives were removed for DPS_Magic_Number_DoS.
| Version number | 3.6.cpw |
| Operating systems | Windows 9x, Windows 2000, Windows XP, Windows Server 2003 |
| Website | Internet Security Systems |
| Download | |
| License type | Shareware |