On My HIPS I have threat events that the signature is about TCP port scan and it is false positive. I want to fixed it by exception rule to not annoy it from blocking,
policy catalog>host intrusion prevention 8:IPS> IPS Rules>exception rule, here I do not know the meaning of executable parameters, I have remote ip ,remote port, local ip,local port and threat ID =3700 in my threat log .but in this path I have only remote ip in my parameters.
Is this exception work correctly? or I should add more features? how does it know to not to block this remote ip from accessing to this local ip?