I work with SEP 14, and today for no apparent reason I’ve started to get the following IPS detection:
[SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM
The clients are in different Windows versions, such as: 7, 8 and 10. I can see that they are trying to reach a specific host on the network but nothing has changed in the last days.
Could this be a case of just a bad set of Defs? And why the attack is being detected and not blocked?