Intrusion Prevention policy settings

This policy includes configuration options for protection against network and browser attacks. This policy applies to both Windows and Mac devices. See:
Intrusion Prevention settings
Options and Descriptions
Audit Signatures
Audit signatures are those signatures that detect certain traffic types but take no default action. You can edit these signatures to define default actions.
You can add one or more signatures at a time. Once you add signatures to this list, you can select more than one at a time to enable, log, disable, or remove them.
Applies to Windows only.
Signature Action Exceptions
Defines any exceptions to the default signature actions for non-audit signatures.
The action
to disable and log is not supported for Mac devices.
You can add one or more signatures at a time. Once you add signatures to the exception list, you can select more than one at a time to enable, log, disable, or remove them. See:
User Notification Settings
Notifications are only sent for enabled signatures.
If you enable notifications for Intrusion Prevention, you also enable notifications for Memory Exploit Mitigation.
  • Show notification messages on the device
    Enables or disables user notifications with a default message. Applies to Windows and Mac devices.
  • Show a custom notification message on the device
    Include a custom notification message in the user notification. Applies to Windows devices only. This option is available under
    Show Advanced
Advanced Settings
  • Intrusion Prevention
    Indicates whether Intrusion Prevention is enabled. Applies to both Windows and Mac devices.
  • Enable URL reputation
    Enables or disables access to a URL based on its reputation. URL reputation filtering detects the web threats based on the reputation score of a web page. Reputation scores range from -10 (bad) to +10 (good). Web pages with reputation scores below a specific threshold are considered threats and blocked.
  • Browser Protection
    Enables or disables browser protection or log browser traffic activity without blocking it. Applies only to Windows devices.
  • Server Performance Tuning
    Out-of-band scanning
    Use signature subset for servers
    Out-of-band scanning
    are multi-threaded network scans that applies to network intrusion prevention.
    Out-of-band scanning
    is recommended for servers due to the high throughput environment.
    Use signature subset for servers
    uses a subset of intrusion prevention signatures for the most common activity that is seen on server operating systems. Applies to network intrusion prevention and browser intrusion prevention.
Out-of-band scanning
changes the processing model for networking traffic and may have compatibility issues with other Windows Filtering Platform (WFP) drivers. Therefore, if you enable this option, Symantec recommends that you test out-of-band scanning before you deploy it to your production environment. Performance characteristics vary depending on the workload.
Supported for Windows 8.1 and later.