General

Intrusion Prevention

You can configure this Policy or Computer to inherit its Intrusion Prevention On/Off state from its parent Policy or you can lock the setting locally.

Set the Intrusion Prevention behavior to "Prevent" or "Detect".

When first applying a new set of Intrusion Prevention Rules, you can choose to set the Intrusion Prevention behavior to "Detect". In Detect mode, the Intrusion Prevention engine applies all the same Intrusion Prevention Rules to traffic, but instead of dropping packets it only logs an Event and lets the traffic pass. Use this behavior to ensure the new Intrusion Prevention Rules will not interfere with legitimate traffic.

This setting only applies when the Network Engine is operating Inline; that is, live traffic is being streamed through the Vulnerability Protection/Deep Security network engine. The alternative to Inline mode is Tap mode, where the live traffic is cloned, and it is only this cloned traffic that is analyzed by the network engine. Prevent mode is impossible when in Tap mode because the network engine does not control the live traffic stream.

To switch between Inline and Tap mode, open a Policy or Computer Editor and go to Settings > Network Engine > Network Engine Mode.
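The Detect-mode trial described above only pays off if the logged Events are reviewed before switching to "Prevent". The following is an added example, not part of the product or its documentation: it triages a Detect-mode event list per Rule. The CSV column names, the rule names, the "Detect Only" action value and the trusted network range are all constructed assumptions, not the product's export format.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of Detect-mode events; column names are hypothetical,
# not the product's actual export format.
SAMPLE_EVENTS = """rule,source_ip,dest_port,action
Rule A (constructed),10.0.5.12,443,Detect Only
Rule A (constructed),10.0.5.13,443,Detect Only
Rule B (constructed),203.0.113.50,80,Detect Only
Rule C (constructed),10.0.7.9,8080,Detect Only
Rule C (constructed),198.51.100.7,8080,Detect Only
"""

# Assumption: networks whose traffic is known, legitimate business traffic.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/16")]


def is_trusted(ip):
    """Return True if the source address falls inside a trusted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def triage(events_csv):
    """Group Detect-mode hits per rule and classify each rule.

    review -> every hit came from trusted sources: likely false positive,
              tune or unassign it before Prevent would drop this traffic
    mixed  -> both trusted and untrusted sources triggered the rule
    ready  -> only untrusted sources triggered it: no legitimate traffic hit
    """
    hits = defaultdict(lambda: {"trusted": 0, "untrusted": 0})
    for row in csv.DictReader(io.StringIO(events_csv)):
        key = "trusted" if is_trusted(row["source_ip"]) else "untrusted"
        hits[row["rule"]][key] += 1
    verdicts = {}
    for rule, count in hits.items():
        if count["trusted"] and count["untrusted"]:
            verdicts[rule] = "mixed"
        elif count["trusted"]:
            verdicts[rule] = "review"
        else:
            verdicts[rule] = "ready"
    return verdicts


if __name__ == "__main__":
    for rule, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{verdict:7} {rule}")
```

Rules that logged no Events during the trial do not appear in the output; they did not match any traffic in the observation window.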

Assigned Intrusion Prevention Rules

Displays the Intrusion Prevention Rules that are in effect for this Policy or computer. To add or remove Intrusion Prevention Rules, click Assign/Unassign... This will display a window showing all available Intrusion Prevention Rules from which you can select or de-select Rules.

From an Editor window, you can edit an Intrusion Prevention Rule so that your changes apply only locally in the context of your editor (either the Computer or Policy Editor), or you can edit the Rule so that the changes apply globally to all other Policies and Computers that are using the Rule.

To edit the Rule locally, select the Rule and click Properties... or right-click the Rule and click Properties...

To edit the Rule globally, right-click the Rule and click Properties (Global)...

Recommendations

Vulnerability Protection/Deep Security can perform regular Recommendation Scans which scan a computer and make recommendations about the application of various security Rules. Selecting this checkbox will automatically assign recommended rules for the computer and automatically unassign rules that are not required.

If you select this option, you should also opt to allow Vulnerability Protection/Deep Security Rule Updates to automatically assign new Intrusion Prevention Rules. Go to Administration > System Settings > Updates and select Automatically apply new Rule Updates to Policies in the Rule Updates area.

To schedule periodic Recommendation Scans, in the Vulnerability Protection/Deep Security Manager go to Administration > Scheduled Tasks and create a new Scheduled Task.
