Symantec 20032623 - Endpoint Protection Small Business Edition Implementation Manual page 231

Managing intrusion prevention (continued)
Table 16-1
Task
Create exceptions to change the default
behavior of Symantec network
intrusion prevention signatures
Managing intrusion prevention on your client computers
Description
You might want to create exceptions to change
the default behavior of the default Symantec
network intrusion prevention signatures. Some
signatures block the traffic by default and other
signatures allow the traffic by default.
Note:
You cannot change the behavior of browser
intrusion prevention signatures.
You might want to change the default behavior
of some network signatures for the following
reasons:
Reduce consumption on your client computers.
For example, you might want to reduce the
number of signatures that block traffic. Make
sure, however, that an attack signature poses
no threat before you exclude it from blocking.
Allow some network signatures that Symantec
blocks by default.
For example, you might want to create
exceptions to reduce false positives when
benign network activity matches an attack
signature. If you know the network activity is
safe, you can create an exception.
Block some signatures that Symantec allows.
For example, Symantec includes signatures
for peer-to-peer applications and allows the
traffic by default. You can create exceptions
to block the traffic instead.
See Creating exceptions for IPS signatures"
on page 234.
If you want to block the ports that send and
receive peer-to-peer traffic, use a Firewall policy.
See Creating a firewall policy"
Managing intrusion prevention
on page 209.
231