2 Replies Latest reply on Mar 6, 2013 3:11 AM by alhaawi

    IPS policy to stop an event or attack without sending alert to epo server

    alhaawi

      We have a testing group; this group has some computers that are protected by a Host IPS policy with Prevent Critical enabled. This group keeps sending Host IPS events to the ePO 4.6 server. I would like to create a policy that stops this event or attack without sending an alert to the ePO server.

        • 1. Re: IPS policy to stop an event or attack without sending alert to epo server
          hbssadmin

          I'm not sure if I understand the question, but I will try to answer it:


          If events are showing up within ePO in your threat event log or HIPS log, then you need to decide if it is legitimate activity. If it is legitimate, then you will want to create an exception.


          To do this, while viewing the event, go to the Actions button at the bottom of the page and select Create Exceptions from the popup list. Another popup will appear, and you need to select the policy that is applied to the test group; it will automatically generate an exception for you. You can then wake up the agents so they get the new policy, or wait for the next policy enforcement.


          Another option:


          Find out which signature is generating all the traffic, go to the IPS Rules policy in question, find that signature, and disable logging. By doing this, the signature will still be active, but you will not know when it gets triggered. Important note: this can adversely affect your troubleshooting efforts. Not recommended, but in rare cases it is an option.

          • 2. Re: IPS policy to stop an event or attack without sending alert to epo server
            alhaawi

            Hello hbssadmin,


            The problem with the first option is that it will not prevent the event, and the second one will disable the logging in the client log, but it will still send the event to the ePO server!

            Thanks