Guest

Preview Tool

Cisco Bug: CSCuw41474 - Not all Disabled detectors enabled aftr all risk enable policy applied

Last Modified

Aug 20, 2018

Products (6)

  • Cisco Firepower Management Center
  • Cisco FireSIGHT Management Center 750
  • Cisco Firepower Management Center 4000
  • Cisco FireSIGHT Management Center 1500
  • Cisco FireSIGHT Management Center 3500
  • Cisco Firepower Management Center Virtual Appliance

Known Affected Releases

5.3.1.6

Description (partial)

Symptom:
Steps to reproduce:


Register S3 Sensor on S3 DC on 5.3.x.x


Create and apply a blank "Network Discovery" AC policy to your sensor

Navigate to Policies > Application detectors and disable any detector by moving the slider. You may want to jump to a random page of detectors
Disable a detector

Create and apply an "all risks" AC policy by selecting all of the "Risk" categories under the Applications tab of your AC policy. Be sure to click "Add to Rule" and enable logging before hitting "Save and Apply"

When it's done, check the detector . It should now be enabled because of your AC policy. Try to disable it, it should fail to deactivate because the AC policy requires it.

Expected Result:
All detectors should be active and can't be disabled while all risks AC policy is applied.

Actual result:
The detector that was manually disabled previously, is still disabled.

Conditions:
Observed on:

Model	Virtual Defense Center 64bit
Serial Number	None
Software Version	5.3.1.6 (build 16)
OS	Sourcefire Linux OS 5.3.0 (build73)
Snort Version	2.9.6 GRE (Build 86)
Rule Update Version	2015-09-16-001-vrt
Rulepack Version	1575
Module Pack Version	1806
Geolocation Update Version	2015-09-12-001
VDB Version	build 252 ( 2015-09-21 17:35:38 )
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.