Endpoint Protection

 View Only

  • 1.  IPS policy in Symantec - Is it advisable to block all application in exceptions

    Posted Jul 29, 2013 05:17 AM

    HI ,

     

    IN IPS policy is it advisable to block all default applications in exception ?  sur With so many applications there under intrusion prevention and browser prevention , Not sure whether it is advisable to block all the applcation . Will it cause false positive if i add all those or it is that it has all common apps which should be blocked

     

     

     



  • 2.  RE: IPS policy in Symantec - Is it advisable to block all application in exceptions

    Broadcom Employee
    Posted Jul 29, 2013 05:40 AM

    you should block as per your company policy.

     



  • 3.  RE: IPS policy in Symantec - Is it advisable to block all application in exceptions

    Posted Jul 29, 2013 05:48 AM

    But what is the best practise ??



  • 4.  RE: IPS policy in Symantec - Is it advisable to block all application in exceptions

    Broadcom Employee
    Posted Jul 29, 2013 05:51 AM

    Best practices regarding Intrusion Prevention System technology

    Article:TECH95347  |  Created: 2009-01-03  |  Updated: 2013-07-13  |  Article URL http://www.symantec.com/docs/TECH95347

     



  • 5.  RE: IPS policy in Symantec - Is it advisable to block all application in exceptions

    Posted Jul 29, 2013 07:23 AM

    Not sure what you mean "applications"? can you explain a little further?

    The IPS signatures rarely causes false positives, I don't you having an issues by leaving the defaut policy in place. As a precaution, you can set each signature to log only is you wish, than you can monitor and change it to block if you wish.