Creating an exception to a signature action
You can define exceptions to the default signature actions for non-audit signatures. For example, you may want to change the default action for testing purposes if the signature triggers a response on an internal tool. You can also define the default actions for audit signatures.
The available actions are as follows:
- EnabledThe signature is enabled, so the activity that the signature monitors is blocked. Activity is logged.
- LoggedThe signature is disabled, so the activity that the signature monitors is allowed. Activity is logged.This option is not available for Mac devices.
- DisabledThe signature is disabled, so the activity that the signature monitors is allowed. Activity is not logged.
- To create an exception for a signature action
- In the cloud console, go toPoliciesand select an Intrusion Prevention policy.
- UnderDetails, select one of the following options:
- Next toAudit Signatures, selectAdd.Applies to Windows only.
- Next toSignature Action Exceptions, selectAdd.
- Search the list for the desired signature ID. You can also filter by specific criteria, such as severity.
- TheStatuscolumn indicates the default action for this signature. Select the action menu to view and select other action options.Submitremains grayed out until you change the default action on at least one signature.
- After you change the action, selectSubmitto save the change.
Once this signature appears under
Signature Action Exception, use the action menu to change the action again. You can also select
Removeto remove the signature from the exception list and restore the default.