Can anyone chime in on what they are doing to reduce false positive signature fires in NSM IDS, specifically when it comes to adding exceptions? Is anyone adding proxies as exception objects to reduce FPs? If so, how is that working out? Is that a good approach?
The Best Practices guide for each version (available from McAfee KnowledgeBase - Network Security Platform documentation reference guide) has some information on tuning your policies, which is the best step you can take to reduce the number of alerts. By applying a policy that only applies to the specific OSs, applications, protocols, etc. that are on your network, you can remove many detections that are interpreted as false positives because they do not apply to your environment.