Creating exceptions for IPS signatures
You can create exceptions to perform the following actions:
You can change the action that the client takes when the IPS recognizes a network signature. You can also change whether the client logs the event in the Security log.
You cannot change the behavior of Symantec browser signatures; unlike network signatures, browser signatures do not allow custom action and logging settings. However, you can create an exception for a browser signature so that clients ignore the signature.
When you add a browser signature exception, Symantec Endpoint Protection Manager includes the signature in the exceptions list and automatically sets the action to and the log setting to . You cannot customize the action or the log setting.
See Managing intrusion prevention on your client computers
To change the behavior of a custom IPS signature that you create or import, you edit the signature directly.
To change the behavior of Symantec IPS network signatures
In the console, open an Intrusion Prevention policy.
On the page, click , and then click .
In the Add Intrusion Prevention Exceptions dialog box, do one of the following actions to filter the signatures:
To display the signatures in a particular category, select an option from the drop-down list.
To display the signatures that are classified with a particular severity, select an option from the drop-down list.
Select one or more signatures.
To make the behavior for all network signatures the same, click .
In the Signature Action dialog box, set the action to or .
The Signature Action dialog only applies to network signatures.
Optionally, set the log action to or .
If you want to revert the network signature's behavior back to the original behavior, select the signature and click .
If you want clients to use the browser signature and not ignore it, select the signature and click .