Windows update list for exe download alerts

gnordli · September 18, 2023, 7:21pm

Hi.

I get lots of INDICATOR-SHELLCODE x86 inc ecx NOOP which is triggered by Windows Updates.

Right now, I am just disabling them as I see them, but it is a lot of work. Is there a list of windows / office microsoft updates IP I can use to filter against.

Any other suggestions?

thanks,
Geoff

Andreas_Herz · September 19, 2023, 8:29am

I guess the IPs can vary a lot over time, you could instead try to threshold or suppress the traffic for that 11.7. Ignoring Traffic — Suricata 7.0.2-dev documentation instead of IP whitelisting.

Topic		Replies	Views
My computers are attacked -> fast.log alerts Help	0	28	November 18, 2024
Newbie question about whitelisting IPs for a single rule Rules	4	1228	December 19, 2022
Disable alerts based on rule ID and IP Address combination Help	3	1863	December 9, 2020
Ignore certain traffic Help	2	703	October 3, 2022
Import IP Passlist pfsense	1	228	March 12, 2024

Windows update list for exe download alerts

Related topics