Allow Admins to Disable Client Notifications for Blocked Intrusion Detection
**Please Note** After discussing the below issue with an SEP tech support rep, he suggested I post this enhancement request here.
In our line of business and because of the test equipment we use, we get a staggering number of false positive blocked IP address/traffic notifications on the client machines. We get more than 3,500 per month. Due to this high number of alerts on the client machines, the alert balloon is a distraction and nuisance to the end user--not to mention it diminishes the urgency and therefore a client would probably ignore a legitimate blocked attack.
What would be helpful is if the SEP admins could edit the intrusion prevention policy to not show the alerts on the client machines. The reason this was not currently a feature, as explained to me by the SEP tech, seemed inconsistent with all of the other features that are configurable from within the management console--so this seems like a lacking feature in the current and next build of SEP.
Also, adding excluded subnets to the intrusion prevention policy is ineffective. The clients still get the notification balloons from excluded subnets.
Thanks for reading--and hopefully this feature can be added in future releases.
2 Comments
This feature is already provided!
Follow the below instruction:
Done!
Piece of cake!
Symantec Certified Specialist \ MCSE +Security \ CCNSE
Wow. I can't believe the tech did not know how to do that. He even put me on hold to ask one of his engineers and came back with a reason Symantec does not allow you to turn off notifications.
The settings were sure well hid. Thanks--I just made the configuration changes.
Stephen