Rule Category

OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This category covers attacks against the OS itself, not browser traffic or other software running on the OS.

Alert Message

OS-WINDOWS Microsoft Windows Mark-of-the-Web security feature bypass attempt

Rule Explanation

This rule looks for specially crafted files intended to bypass the Windows Mark-of-the-Web security feature.

What To Look For

This rule fires on attempts to exploit a Mark-of-the-Web bypass vulnerability on Windows hosts.

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

Rule Groups

No rule groups


Additional Links

Rule Vulnerability


Not Applicable
