It has a very low false positive rate, and can be configured to prompt the user for each behavior, if that's desired. Most of the behaviors it stops are never benign, anyway. Keyloggers, mailing to every address in the address book, buffer overflows, self-modifying code, etc. Read more about it at http://www.cisco.com/en/US/products/sw/secursw/ps5 057/
Cisco Security Agent is a Host-Based IPS that will stop this exploit without signatures, but, rather, based on behavior. I tested a year-old version Cisco Security Agent against the Metasploit implementation, and CSA caught it every time, regardless of which payload I chose. CSA is also very good at preventing buffer and stack overflow exploits, and many others. Excellent zero-day protection!
Ever heard of Cisco Security Agent? Stops it dead in its tracks! Even an out-of-date version of it -- I tested this on a Virtual PC installation of Windows XP with CSA that I had laying around from March, 2005, and CSA caught it, just as I expected. Cisco Security Agent is an EXCELLENT protection against "Zero-Day" attacks, this one included.
Slashdot Mirror
It has a very low false positive rate, and can be configured to prompt the user for each behavior, if that's desired. Most of the behaviors it stops are never benign, anyway. Keyloggers, mailing to every address in the address book, buffer overflows, self-modifying code, etc. Read more about it at http://www.cisco.com/en/US/products/sw/secursw/ps5 057/
Cisco Security Agent is a Host-Based IPS that will stop this exploit without signatures, but, rather, based on behavior. I tested a year-old version Cisco Security Agent against the Metasploit implementation, and CSA caught it every time, regardless of which payload I chose. CSA is also very good at preventing buffer and stack overflow exploits, and many others. Excellent zero-day protection!
Ever heard of Cisco Security Agent? Stops it dead in its tracks! Even an out-of-date version of it -- I tested this on a Virtual PC installation of Windows XP with CSA that I had laying around from March, 2005, and CSA caught it, just as I expected. Cisco Security Agent is an EXCELLENT protection against "Zero-Day" attacks, this one included.