You might want to disable intrusion prevention for troubleshooting purposes or if client computers detect excessive false positives. However, to keep your client computers secure, typically you should not disable intrusion prevention.
You can enable or disable the following types of intrusion prevention in the Intrusion Prevention policy:
Create exceptions to change the default behavior of Symantec network intrusion prevention signatures
You might want to create exceptions to change the default behavior of the default Symantec network intrusion prevention signatures. Some signatures block the traffic by default and other signatures allow the traffic by default.
You cannot change the behavior of browser intrusion prevention signatures.
You might want to change the default behavior of some network signatures for the following reasons:
Reduce consumption on your client computers.
For example, you might want to reduce the number of signatures that block traffic. Make sure, however, that an attack signature poses no threat before you exclude it from blocking.
Allow some network signatures that Symantec blocks by default.
For example, you might want to create exceptions to reduce false positives when benign network activity matches an attack signature. If you know the network activity is safe, you can create an exception.
Block some signatures that Symantec allows.
For example, Symantec includes signatures for peer-to-peer applications and allows the traffic by default. You can create exceptions to block the traffic instead.