FILE-IDENTIFY -- Snort has detecte File Type indicators associated with packet data, which it will use to facilitate a flowbit, a method of stringing rules together. In a flowbit, one rule examines packets for file type indications, which it uses to switch rules pertaining to that file type from a dormant to active state in order to process the appropriate packets. File-type rules stay dormant to prevent alerts on innocent traffic. That same traffic, when contained in, for instance, a .doc file attached to an email, might be a threat and should be scanned.
FILE-IDENTIFY Microsoft Windows Media download detected
This event is generated when network traffic indicating the use of a multimedia application is detected. Impact: This may be a violation of corporate policy since these applications can be used to bypass security measures designed to restrict the flow of corporate information to destinations external to the corporation. Details: Multimedia client applications can be used to view movies and listen to music files. Some also include file sharing facilities. Use of these programs may constitute a violation of company policy. Clients may also contain vulnerabilities that can give an attacker an attack vector for delivering Trojan horse programs and viruses. This rule detects the following Windows Media file types: File extension MIME type .wmz application/x-ms-wmz .wmd application/x-ms-wmd .wma audio/x-ms-wma .wax audio/x-ms-wax .wmv audio/x-ms-wmv .asf video/x-ms-asf .asx video/x-ms-asf .wvx video/x-ms-wvx .wm video/x-ms-wm .wmx video/x-ms-wmx Ease of Attack: Simple.
No information provided
No public information
No known false positives
Cisco Talos Brian Caswell Nigel Houghton
No rule groups
None
No information provided
None
©2025 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
