In tuning a deployment, creating IPS exception rules is one way to reduce false positives. This is not always practical when dealing with several thousand agents or having limited time and resources. A better solution is to create a list of trusted applications, which are applications known to be safe in a particular environment. For example, when you run a backup application, many false positive events can be triggered. To avoid this, make the backup application a trusted application.
|
A trusted application is susceptible to common vulnerabilities such as buffer overflow and illegal use. Therefore, a trusted application is still monitored and can trigger events to prevent exploits. |
To create a trusted application:
|
You can also create trusted applications based on an event. For details, see Creating event-based exceptions and trusted applications. |