McAfee 6.1 Marine Radio User Manual


 
4 IPS Policies
The IPS (Intrusion Prevention System) feature of Host Intrusion Prevention protects
computers with host intrusion prevention technology. IPS policies turn IPS protection
on and off, set the reaction level to events, and provide details on exceptions,
signatures, application protection rules, events, and client-generated exceptions.
This section describes the IPS feature and includes the following topics:
Overview
Configuring the IPS Options policy
Configuring the IPS Protection policy
Configuring the IPS Rules policy
IPS Rules policy details
IPS Events
IPS Client Rules
Search IPS Exception Rules

Overview

Host Intrusion Prevention clients have a database of IPS signature rules that determine
whether activity on the client computer is benign or malicious. When malicious activity
is detected, alerts known as events are sent to the ePO console and appear in the Host
Intrusion Prevention IPS Rules policy.

The protection level set for signatures in the IPS Protection policy determines which
action a client takes when an event occurs. Responses or reactions include ignore, log,
or prevent the activity.

Events that are false positives arising from legitimate activity can be overridden by
creating an exception to the signature rule or by qualifying applications as trusted.
Clients in Adaptive mode automatically create exceptions, called client rules.
Administrators can manually create exceptions at any time.

Monitoring the events that occur and the client exception rules that are created helps
determine how to tune the deployment for the best IPS protection.