Managing custom intrusion prevention signatures

Article:HOWTO55161  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55161
Article Type: How To



You can write your own network intrusion prevention signatures to identify a specific intrusion and reduce the likelihood of false positives. The more information you add to a custom signature, the more precisely it matches and the more effective it is.

Warning:

You should be familiar with the TCP, UDP, or ICMP protocols before you develop intrusion prevention signatures. An incorrectly formed signature can corrupt the custom signature library and damage the integrity of the clients.

Table: Managing custom intrusion prevention signatures

Task: Create a custom library with a signature group
Description: You must create a custom library to contain your custom signatures. When you create a custom library, you use signature groups to manage the signatures more easily. You must add at least one signature group to a custom signature library before you add the signatures.
See Creating a custom IPS library.

Task: Add custom IPS signatures to a custom library
Description: You add custom IPS signatures to a signature group in a custom library.
See Adding signatures to a custom IPS library.

Task: Assign libraries to client groups
Description: You assign custom libraries to client groups rather than to a location.
See Assigning multiple custom IPS libraries to a group.

Task: Change the order of signatures
Description: Intrusion prevention uses the first rule that matches. Symantec Endpoint Protection checks the signatures in the order in which they appear in the signatures list.

For example, if you add a signature group to block TCP traffic in both directions on destination port 80, you might add the following signatures:

  • Block all traffic on port 80

  • Allow all traffic on port 80

If the Block all traffic signature is listed first, the Allow all traffic signature is never reached. If the Allow all traffic signature is listed first, the Block all traffic signature is never reached, and all HTTP traffic is always allowed.

Note: Firewall rules take precedence over intrusion prevention signatures.

See Changing the order of custom IPS signatures.

Task: Copy and paste signatures
Description: You can copy and paste signatures between groups and between libraries.
See Copying and pasting custom IPS signatures.

Task: Define variables for signatures
Description: When you add a custom signature, you can use variables to represent data that changes. If the data changes, you edit the variable instead of editing every signature throughout the library.
See Defining variables for custom IPS signatures.

Task: Test custom signatures
Description: You should test the custom intrusion prevention signatures to make sure that they work as intended before you rely on them.
See Testing custom IPS signatures.
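The following toy model illustrates the two behaviours described in the table, first-match signature ordering and variable substitution. It is an added example, not Symantec code, and the `$VARIABLE` reference syntax, the `Signature` and `Packet` classes and the sample data are all assumptions constructed for the illustration.

```python
# Toy first-match evaluator for custom IPS signatures (constructed example,
# not Symantec Endpoint Protection code). Signatures are checked in list
# order and the first match decides. Port values may be a literal or a
# "$VARIABLE" reference (assumed syntax) resolved at evaluation time, so
# editing the variable changes every signature that references it.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    action: str       # "block" or "allow"
    protocol: str     # "tcp", "udp" or "icmp"
    dest_port: str    # literal port list "80,8080" or a "$VARIABLE" name

@dataclass(frozen=True)
class Packet:
    protocol: str
    dest_port: int

def resolve(value, variables):
    """Expand a "$NAME" reference to the variable's current value."""
    if value.startswith("$"):
        return variables[value[1:]]
    return value

def matches(sig, pkt, variables):
    ports = {int(p) for p in resolve(sig.dest_port, variables).split(",")}
    return sig.protocol == pkt.protocol and pkt.dest_port in ports

def ips_verdict(signatures, pkt, variables, default="allow"):
    """Return (action, signature name) of the first matching signature,
    or (default, None) when nothing in the list matches."""
    for sig in signatures:
        if matches(sig, pkt, variables):
            return sig.action, sig.name
    return default, None

# Constructed sample data mirroring the port-80 example in the table.
VARIABLES = {"HTTP_PORTS": "80"}
BLOCK_HTTP = Signature("Block all traffic on port 80", "block", "tcp", "$HTTP_PORTS")
ALLOW_HTTP = Signature("Allow all traffic on port 80", "allow", "tcp", "$HTTP_PORTS")
HTTP_PKT = Packet("tcp", 80)

if __name__ == "__main__":
    print(ips_verdict([BLOCK_HTTP, ALLOW_HTTP], HTTP_PKT, VARIABLES))  # block first wins
    print(ips_verdict([ALLOW_HTTP, BLOCK_HTTP], HTTP_PKT, VARIABLES))  # allow first wins
```

Swapping the two signatures flips the verdict for the same packet, and widening `HTTP_PORTS` to "80,8080" makes both signatures cover port 8080 without touching either one.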


Legacy ID: v37711224_v59371754

