Managing intrusion prevention on your client computers

Article:HOWTO81346

Created: 2012-10-25

Updated: 2012-10-27

Article URL http://www.symantec.com/docs/HOWTO81346

Article Type
How To

Product(s)

Show all

Subject

Show all

Languages

Show all

Managing intrusion prevention on your client computers

The default intrusion prevention settings protect client computers against a wide variety of threats. You can change the default settings for your network.

Table: Managing intrusion prevention

Task

Description

Learn about intrusion prevention

Learn how intrusion prevention detects and blocks network and browser attacks.

See How intrusion prevention works.

See About Symantec IPS signatures.

Enable or disable intrusion prevention

You might want to disable intrusion prevention for troubleshooting purposes or if client computers detect excessive false positives. However, to keep your client computers secure, typically you should not disable intrusion prevention.

You can enable or disable the following types of intrusion prevention in the Intrusion Prevention policy:

Network intrusion prevention
Browser intrusion prevention

See Enabling or disabling network intrusion prevention or browser intrusion prevention.

You can also enable or disable both types of intrusion prevention, as well as the firewall, when you run the Enable Network Threat Protection or Disable Network Threat Protection command.

See Running commands on the client computer from the console.

Create exceptions to change the default behavior of Symantec network intrusion prevention signatures

You might want to create exceptions to change the default behavior of the default Symantec network intrusion prevention signatures. Some signatures block the traffic by default and other signatures allow the traffic by default.

Note:

You cannot change the behavior of browser intrusion prevention signatures.

You might want to change the default behavior of some network signatures for the following reasons:

Reduce consumption on your client computers.
For example, you might want to reduce the number of signatures that block traffic. Make sure, however, that an attack signature poses no threat before you exclude it from blocking.
Allow some network signatures that Symantec blocks by default.
For example, you might want to create exceptions to reduce false positives when benign network activity matches an attack signature. If you know the network activity is safe, you can create an exception.
Block some signatures that Symantec allows.
For example, Symantec includes signatures for peer-to-peer applications and allows the traffic by default. You can create exceptions to block the traffic instead.

See Creating exceptions for IPS signatures.

If you want to block the ports that send and receive peer-to-peer traffic, use a Firewall policy.

See Creating a firewall policy.

Create exceptions to ignore browser signatures on client computers

You can create exceptions to exclude browser signatures from browser intrusion prevention.

You might want to ignore browser signatures if browser intrusion prevention causes problems with browsers in your network.

See Creating exceptions for IPS signatures.