Creating exceptions for IPS signatures

Article:HOWTO55167  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55167
Article Type
How To


Subject


Creating exceptions for IPS signatures

You can create exceptions to perform the following actions:

  • Change the default behavior of IPS network signatures

  • Specify browser signatures that client computers should ignore

You can change the action that the client takes when the IPS recognizes a network signature. You can also change whether the client logs the event in the Security log.

You cannot change the behavior of Symantec browser signatures; unlike network signatures, browser signatures do not allow custom action and logging settings. However, you can create an exception for a browser signature so that clients ignore the signature.

Note:

When you add a browser signature exception, Symantec Endpoint Protection Manager includes the signature in the exceptions list and automatically sets the action to Allow and the log setting to Do Not Block. You cannot customize the action or the log setting.

See Managing intrusion prevention on your client computers

Note:

To change the behavior of a custom IPS signature that you create or import, you edit the signature directly.

To change the behavior of Symantec IPS network signatures

  1. In the console, open an Intrusion Prevention policy.

  2. On the Intrusion Prevention Policy page, click Exceptions, and then click Add.

  3. In the Add Intrusion Prevention Exceptions dialog box, do one of the following actions to filter the signatures:

    • To display the signatures in a particular category, select an option from the Show category drop-down list.

    • To display the signatures that are classified with a particular severity, select an option from the Show severity drop-down list.

  4. Select one or more signatures.

    To make the behavior for all network signatures the same, click Select All.

  5. Click Next.

  6. In the Signature Action dialog box, set the action to Block or Allow.

    Note:

    The Signature Action dialog only applies to network signatures.

  7. Optionally, set the log action to Log the traffic or Do not log the traffic.

  8. Click OK.

    If you want to revert the network signature's behavior back to the original behavior, select the signature and click Delete.

    If you want clients to use the browser signature and not ignore it, select the signature and click Delete.

  9. Click OK.


Legacy ID



v38528395_v59371754


Article URL http://www.symantec.com/docs/HOWTO55167


Terms of use for this information are found in Legal Notices