Video Screencast Help

Allow Admins to Disable Client Notifications for Blocked Intrusion Detection

Created: 14 Jul 2010 • Updated: 21 Jul 2010 | 2 comments
7Tech's picture
0 Agree
2 Disagree
-2 2 Votes
Login to vote
Status: Already Offered

**Please Note** After discussing the below issue with an SEP tech support rep, he suggested I post this enhancement request here.

In our line of business and because of the test equipment we use, we get a staggering number of false positive blocked IP addressed/traffic notifications on the client machines. We get more than 3,500 per month. Due to this high number of alerts on the client machines, the alert balloon is a distraction and nuisance to the end user--not to mention it diminishes the urgency and therefore a client would probably ignore a legitimate blocked attack.

What would be helpful is if the SEP admins could edit the intrusion prevention policy to not show the alerts on the client machines. The reason this was not currently a feature, as explained to me by the SEP tech, seemed inconsistent with all of the other features that are configurable from within the management console--so this seems like a lacking feature in the current and next build of SEP.

Also, adding excluded subnets to the intrusion prevention policy is ineffective. The clients still get the notification balloons from excluded subnets.

Thanks for reading--and hopefully this feature can be added in future releases.

Comments 2 CommentsJump to latest comment

Farzad's picture

This feature is already provided!
follow the below instruction:

  1. Select the Clients section
  2. Select the Group you want to inactive the notification
  3. select the Policies tab
  4. Open the Location-specific Settings:
  5. Click on the link in front of: Client User Interface Control Settings: (Usually it is "Server Control")
  6. Select the Customize button in front of Server Control
  7. Uncheck the check box of "Display Intrusion Prevention notifications"
  8. OK and then OK

Done!
Piece of cake!

ESET Certified Specialist \ Symantec Certified Specialist  \  MCSE +Security  \  CCNSE

+1
Login to vote
7Tech's picture

Wow. I can't believe the tech did not know how to do that. He even put me on hold to ask one of his engineers and came back with a resaon Symantec does not allow you to turn off notifications.

The settings were sure well hid. Thanks--I just made the configuration changes.

Stephen

0
Login to vote