Video Screencast Help

Intrusion Prevention

Created: 18 Sep 2012 | 4 comments

Hi All,
 

I have two questions about intrusion prevention:

1-The intrusion prevention policy enabled in SEPM, that mean it working on client or must add all rules in "Intrusion Prevention Exceptions" to work?
2-Need to know the recommended setting if i need to apply Intrusion Prevention in servers like DC, Exchange. etc.

Thanks

Comments 4 CommentsJump to latest comment

pete_4u2002's picture

1-The intrusion prevention policy enabled in SEPM, that mean it working on client or must add all rules in "Intrusion Prevention Exceptions" to work?

IPS are set of signatures, if you want to exclude some hosts or signatures to be scanned then yes, you need to do that .

2-Need to know the recommended setting if i need to apply Intrusion Prevention in servers like DC, Exchange. etc.

Best Practices for employing Intrusion Prevention System (IPS) to high-availability/high bandwidth servers.

http://www.symantec.com/business/support/index?page=content&id=TECH162135
 

Brɨan's picture

If you apply the policy, all rules will be working but action depends on what their action is, whether block or allow

Best Practices for employing Intrusion Prevention System (IPS) to high-availability/high bandwidth servers.

http://www.symantec.com/business/support/index?page=content&id=TECH162135

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mohan Babu's picture

1-The intrusion prevention policy enabled in SEPM, that mean it working on client or must add all rules in "Intrusion Prevention Exceptions" to work?

If IPS is enabled it indicates it is working on the clients. You dont have to enable or disable anything untill your environment need to exclude anything in IPS.

2-Need to know the recommended setting if i need to apply Intrusion Prevention in servers like DC, Exchange. etc.

Best Practices for employing Intrusion Prevention System (IPS) to high-availability/high bandwidth servers.

http://www.symantec.com/business/support/index?page=content&id=TECH162135

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)