NetBios CIFS

NetBios is a protocol that is used for sharing files/printers, generally by Microsoft systems.

Profiles screen

“IPS” tab

Automatically detect and inspect the protocol If this protocol has been enabled, it will automatically be used for discovering corresponding packets in filter rules.

Maximum size of elements (bytes)

Name of files (SMB2 format) This number has to be between 1 and 65536 bytes. This file name size (SMB2 - ioctl referral request) is set by default to 61640 to protect the system from the vulnerability CVE 2009-2526.

Microsoft RPC (DCE/RPC)

Inspect Microsoft RPC (DCE/RPC) protocol As the DCE/RPC protocol can be encapsulated in this protocol, this option allows enabling or disabling its inspection.


Verify user legitimacy If this option is selected, you will be enabling user authentication via the CIFS header. The CIFS plugin will therefore be capable of extracting the user ID and comparing it against the list of users authenticated on the firewall.
When no authenticated users match, the packet will be blocked.


Disable intrusion prevention When this option is selected, the scan of the NetBios CIFS protocol will be disabled and traffic will be authorized if the filter policy allows it.