Managing intrusion prevention
The default intrusion prevention settings protect client computers against a wide variety of threats. You can change the default settings for your network.
If you run Symantec Endpoint Protection on servers, intrusion prevention might affect server resources or response time. For more information, see:
The Linux client does not support intrusion prevention.
Enable intrusion prevention
To keep your client computers secure, you should keep intrusion prevention enabled:
For more information, see:
You can also enable both types of intrusion prevention, as well as the firewall, when you run the Enable Network Threat Protection command on a group or client. See:
Create exceptions to change the default behavior of Symantec network intrusion prevention signatures
You might want to create exceptions to change the default behavior of the default Symantec network intrusion prevention signatures. Some signatures block the traffic by default and other signatures allow the traffic by default.
You cannot change the behavior of browser intrusion prevention signatures.
You might want to change the default behavior of some network signatures for the following reasons:
For more information, see:
You can use application control to prevent users from running peer-to-peer applications on their computers. See:
If you want to block the ports that send and receive peer-to-peer traffic, use a Firewall policy. See:
Create exceptions to ignore browser signatures on client computers
You can create exceptions to exclude browser signatures from browser intrusion prevention on Windows computers.
You might want to ignore browser signatures if browser intrusion prevention causes problems with browsers in your network. See:
Exclude specific computers from network intrusion prevention scans
You might want to exclude certain computers from network intrusion prevention. For example, some computers in your internal network may be set up for testing purposes. You might want Symantec Endpoint Protection to ignore the traffic that goes to and from those computers.
When you exclude computers, you also exclude them from the denial of service protection and port scan protection that the firewall provides. See:
Configure intrusion prevention notifications
By default, messages appear on client computers for intrusion attempts. You can customize the message. See:
Create custom intrusion prevention signatures (Windows only)
You can write your own intrusion prevention signature to identify a specific threat. When you write your own signature, you can reduce the possibility that the signature causes a false positive.
For example, you might want to use custom intrusion prevention signatures to block and log websites. See:
You must have the firewall installed and enabled to use custom IPS signatures. See:
Monitor intrusion prevention
Regularly check that intrusion prevention is enabled on the client computers in your network. See: