3 Replies Latest reply on Jan 29, 2017 2:09 AM by epository

    HIP exception

    a2wa2

      Dear friends

       

      On My HIPS I have threat events that the signature is about TCP port scan and it is false positive. I want to fixed it by exception rule to not annoy it from blocking,

      policy catalog>host intrusion prevention 8:IPS> IPS Rules>exception rule, here I do not know the meaning of executable parameters, I have remote ip  ,remote port, local ip,local port and threat ID =3700 in my threat log .but in this path I have only remote ip in my parameters.

      Is this exception work correctly? or I should add more features? how does it know to not to block this remote ip from accessing to this local ip?