I just installed version 9673 on Windows server. This just started happening, but I'm not sure it's related to the new version.
Several times a day while using Webmail, I'm logged out and can't login due to a locked account. When I check the IDS blocks, I see my email. I unblock my email and log back in, but it happens again, as hackers are trying to login with my email.
The rule causing this is: Password Brute Force by Email
Time Frame - 10 Min
Logins before block - 2
Block Time - 360
There are only a couple users on the server, so we're comfortable with 2 logins before block, and set it low for a little more security...
I can see blocking new logins after a brute force attack, but I wouldn't expect for my current Webmail session to end.