Intrusion prevention automatically detects and blocks network attacks. On Windows computers, intrusion prevention also detects and blocks browser attacks on supported browsers. Intrusion prevention is the second layer of defense after the firewall to protect client computers. Intrusion prevention is sometimes called the intrusion prevention system (IPS).
The default intrusion prevention settings protect client computers against a wide variety of threats. You can change the default settings for your network.
To enable or disable network intrusion prevention or browserintrusion prevention:
1.In the console, open Policy and click on Intrusion Prevention and On the Intrusion Prevention Policy tab, double click on Intrusion Prevention Policy :
2. On the opened Intrusion Prevention Policy page click on Intrusion Prevention and Check or uncheck the following options to enable or disable network intrusion prevention or browser intrusion prevention:
You can also create exceptions for IPS signatures.
You use exceptions to change the behavior of Symantec IPS signatures
1.In the console, open Policy and click on Intrusion Prevention and On the Intrusion Prevention Policy tab, double click on Intrusion Prevention Policy, Under Windows Settings or Mac Settings, click Exceptions, and then click Add:
2.In the Add Intrusion Prevention Exceptions dialog box, do the following actions to filter the signatures:
- (Windows only) To display only the signatures in a particular category, select an option from the Show category drop-down list. If you select Browser Protection, the signature action options automatically change to Allow and Do Not Log.
- (Windows and Mac) To display the signatures that are classified with a particular severity, select an option from the Show severity drop-down list.
Select signature which you want and click next:
3.In the Signature Action dialog box, You can set one of the options below and click OK:
- Set Action to Block or Allow
- Set Log to Log the traffic or Do not log the traffic
4. And click OK to save the policy changes.
You can also excluded hosts which the client does not match attack signatures or check for port scans or denial-of-service attacks.
For example, you might exclude computers to allow an Internet service provider to scan the ports in your network to ensure compliance with their service agreements. Or, you might have some computers in your internal network that you want to set up for testing purposes
To set up a list of excluded computers:
1.In the console, open Policy and click on Intrusion Prevention and On the Intrusion Prevention Policy tab, double click on Intrusion Prevention Policy then click on Intrusion Prevention . Check Enable excluded hosts and then click Excluded Hosts :
2.To add the hosts that you want to exclude, click Add and type you IP address , IP range or Subnet and click OK(i will be add IP address):
3. Click Ok to close Excluded Host windows and then click OK to close Intrusion Prevention Policy window.
