Other than the Eicar string, file download, or zip extraction being detected immediately, no. I will use that example to "prove" that IPS is functioning. It would be nice to be able to figure out the ability to block a web site via a custom IPS signature. Here is the text of the custom IPS I am trying to get working;
rule tcp, dest=(80), msg="MSN Blocked", content="www.msn.com"
I have also tried;
rule tcp, dest=(80), saddr="$LOCALHOST", msg="MSN Blocked", content="www.msn.com"
I did not come up with either one of the strings above on my own, I have just copied them (and modified from Google to MSN) based on posts I have seen/read here on this forum. I could very well have something incorrect in the strings above. Every post I have read, indicates to me that blocking a website via a custom IPS did not work for others as well.