Creating exceptions for IPS signatures

You use exceptions to change the behavior of Symantec IPS signatures.
For Windows and Mac computers, you can change the action that the client takes when the IPS recognizes a network signature. You can also change whether the client logs the event in the Security log.
For Windows computers, you cannot change the behavior of Symantec browser signatures; unlike network signatures, browser signatures do not allow custom action and logging settings. However, you can create an exception for a browser signature so that clients ignore the signature.
When you add a browser signature exception,
Symantec Endpoint Protection Manager
includes the signature in the exceptions list and automatically sets the action to
Allow
and the log setting to
Do Not Log
. You cannot customize the action or the log setting.
For more information, see:
To change the behavior of a custom IPS signature that you create or import, you edit the signature directly. Custom signatures are supported on Windows computers only.
  1. To create an exception for IPS signatures
  2. In the console, open an Intrusion Prevention policy.
  3. Under
    Windows Settings
    or
    Mac Settings
    , click
    Exceptions
    , and then click
    Add
    .
    The signatures list populates with the latest LiveUpdate content that the management console downloaded. For Windows computers, the list appears blank if the management server has not yet downloaded the content. For Mac computers, the list always contains at least the built-in signatures, which are installed automatically on your Mac clients.
  4. In the
    Add Intrusion Prevention Exceptions
    dialog box, do the following actions to filter the signatures:
    • (Windows only) To display only the signatures in a particular category, select an option from the
      Show category
      drop-down list. If you select
      Browser Protection
      , the signature action options automatically change to
      Allow
      and
      Do Not Log
      .
    • (Windows and Mac) To display the signatures that are classified with a particular severity, select an option from the
      Show severity
      drop-down list.
  5. Select one or more signatures.
    To make the behavior for all signatures the same, click
    Select All
    .
  6. Click
    Next
    .
  7. In the
    Signature Action
    dialog box, set the following options and then click
    OK
    .
    • Set
      Action
      to
      Block
      or
      Allow
    • Set
      Log
      to
      Log the traffic
      or
      Do not log the traffic
      .
    These options only apply to network signatures. For browser signatures, click
    OK
    .
    If you want to revert the signature's behavior back to the original behavior, select the signature in the
    Exceptions
    list, and then click
    Delete
    .
  8. Click
    OK
    to save the policy changes.