Configuring Ips For Desktops And Laptops - F-SECURE CLIENT SECURITY 8.00 Administrator's Manual

218
What is a False Positive?
6.7.2

Configuring IPS for Desktops and Laptops

Step 1.
Detection sensitivity
This parameter is used for two purposes: it reduces the number
of alerts and it also affects the performance of the local machine.
If you use a smaller value, the number of false positives is
reduced.
10 = maximum network performance, minimum alerts
50 = only 50% (the most important and malicious ones) of the
IPS patterns are verified and reported in case of match.
100 = all preprogrammed patterns are verified and reported
in case of match.
The smaller the number is, less patterns are verified.
A recommended value for home users is 100%
A recommended value for desktops is 25%
False positive is an alert that wrongly indicates that the related event has
happened. In the F-Secure Client Security Internet Shield the alert text
usually indicates this by using words like "probable" or "possible". These
kind of alerts should be eliminated or minimized.
In this example the IPS is enabled for all the desktops and laptops in two
subdomains. It is assumed that desktops and laptops are located in their
own subdomains, Desktops/Eng and Laptops/Eng. It is assumed that the
desktops are also protected by the company firewall, and therefore the
alert performance level selected for them is lower. The laptops are
regularly connected to networks that cannot be considered safe, and
therefore the alert performance level selected for them is higher.
Configuring IPS for Desktops
1. Select the Desktops/Eng subdomain in the Policy Domains tab.
2. Go to the Settings tab and select the Firewall Security Levels page.