Managing intrusion prevention on your client computers
Article: HOWTO55156 | Created: 2011-06-29 | Updated: 2011-12-16 | Article URL: http://www.symantec.com/docs/HOWTO55156
The default intrusion prevention settings protect client computers against a wide variety of threats. You can change the default settings for your network.
Table: Managing intrusion prevention
| Task | Description |
|---|---|
| Learn about intrusion prevention | Learn how intrusion prevention detects and blocks network and browser attacks. |
| Enable or disable intrusion prevention | You might want to disable intrusion prevention for troubleshooting purposes or if client computers detect excessive false positives. However, to keep your client computers secure, typically you should not disable intrusion prevention. You can enable or disable the following types of intrusion prevention in the Intrusion Prevention policy: See Enabling or disabling network intrusion prevention or browser intrusion prevention. You can also enable or disable both types of intrusion prevention, as well as the firewall, when you run the or command. See Running commands on the client computer from the console. |
| Create exceptions to change the default behavior of Symantec network intrusion prevention signatures | You might want to create exceptions to change the default behavior of the default Symantec network intrusion prevention signatures. Some signatures block the traffic by default and other signatures allow the traffic by default. You might want to change the default behavior of some network signatures for the following reasons: See Creating exceptions for IPS signatures. You can use application control to prevent users from running peer-to-peer applications on their computers. See Typical application control rules. If you want to block the ports that send and receive peer-to-peer traffic, use a Firewall policy. |
| Create exceptions to ignore browser signatures on client computers | You can create exceptions to exclude browser signatures from browser intrusion prevention. You might want to ignore browser signatures if browser intrusion prevention causes problems with browsers in your network. |
| Exclude specific computers from intrusion prevention scans | You might want to exclude certain computers from intrusion prevention. For example, some computers in your internal network may be set up for testing purposes. You might want Symantec Endpoint Protection to ignore the traffic that goes to and from those computers. When you exclude computers, you also exclude them from the denial of service protection and port scan protection that the firewall provides. |
| Configure intrusion prevention notifications | By default, messages appear on client computers for intrusion attempts. You can customize the message. |
| Create custom intrusion prevention signatures | You can write your own intrusion prevention signature to identify a specific threat. When you write your own signature, you can reduce the possibility that the signature causes a false positive. For example, you might want to use custom intrusion prevention signatures to block and log Web sites. |
| Monitor intrusion prevention | Regularly check that intrusion prevention is enabled on the client computers in your network. |
Legacy ID
v36820771_v59371754