In McAfee Sidewinder 8.2.1, is there any way to bypass my local user IPs from being blackholed due to Policy Violation? Many of my users' IPs, which have restricted website access, get blackholed only due to their IP going to different unauthorized IPs. Can I bypass local IPs for a specific category like Policy Violation?
You have to create a new Audit Filter that has 'and not srcip a.b.c.d and not srcip 188.8.131.52' attached to the end of whatever other things you're filtering on (like 'category policy_violation and not srcip a.b.c.d'). Then use that filter in the Attack Responses settings instead of the standard 'category policy_violation' filter.