Creating an exception to a signature action

You can define exceptions to the default signature actions for non-audit signatures. For example, you may want to change the default action for testing purposes if the signature triggers a response on an internal tool. You can also define the default actions for audit signatures.
The available actions are as follows:
  • Enabled
    The signature is enabled, so the activity that the signature monitors is blocked. Activity is logged.
  • Logged
    The signature is disabled, so the activity that the signature monitors is allowed. Activity is logged.
    This option is not available for Mac devices.
  • Disabled
    The signature is disabled, so the activity that the signature monitors is allowed. Activity is not logged.
  1. To create an exception for a signature action
  2. In the cloud console, go to
    Policies
    and select an Intrusion Prevention policy.
  3. Under
    Details
    , select one of the following options:
    • Next to
      Audit Signatures
      , select
      Add
      .
      Applies to Windows only.
    • Next to
      Signature Action Exceptions
      , select
      Add
      .
  4. Search the list for the desired signature ID. You can also filter by specific criteria, such as severity.
  5. The
    Status
    column indicates the default action for this signature. Select the action menu to view and select other action options.
    Submit
    remains grayed out until you change the default action on at least one signature.
  6. After you change the action, select
    Submit
    to save the change.
Once this signature appears under
Audit Signatures
or
Signature Action Exception
, use the action menu to change the action again. You can also select
Remove
to remove the signature from the exception list and restore the default.