Exception rules

An exception is a rule for overriding blocked activity. In some cases, behavior that a signature defines as an attack may be part of a user’s normal work routine or an activity that is legal for a protected application. To override the signature, you can create an exception that allows legitimate activity. For example, an exception might state that for a particular agent, a process is ignored.

You can create these exceptions manually, or place agents in Adaptive mode and allow them to create client exception rules. To ensure that some signatures are never overridden, edit the signature and disable the Allow Client Rules options. You can track the client exceptions in the ePolicy Orchestrator console, viewing them in a regular and aggregated view. Use these client rules to create new policies or add them to existing policies that you can apply to other agents.

Copyright © 2006 McAfee, Inc. All Rights Reserved.