Allow Admins to Disable Client Notifications for Blocked Intrusion Detection
**Please Note** After discussing the below issue with an SEP tech support rep, he suggested I post this enhancement request here.
In our line of business and because of the test equipment we use, we get a staggering number of false positive blocked IP address/traffic notifications on the client machines. We get more than 3,500 per month. Due to this high number of alerts on the client machines, the alert balloon is a distraction and nuisance to the end user--not to mention it diminishes the urgency and therefore a client would probably ignore a legitimate blocked attack.
What would be helpful is if the SEP admins could edit the intrusion prevention policy to not show the alerts on the client machines. The reason this was not currently a feature, as explained to me by the SEP tech, seemed inconsistent with all of the other features that are configurable from within the management console--so this seems like a lacking feature in the current and next build of SEP.
Also, adding excluded subnets to the intrusion prevention policy is ineffective. The clients still get the notification balloons from excluded subnets.
Thanks for reading--and hopefully this feature can be added in future releases.