If you enable IPS protection and the Display pop-up alert option, this alert automatically appears when Host Intrusion Prevention detects a potential attack. If the client is in Adaptive mode, this alert appears only if the Allow Client Rules option is disabled for the signature that caused the event to occur.
The Intrusion Information tab displays details about the attack that generated the alert, including a description of the attack, the user/client computer where the attack occurred, the process involved in the attack, and the time and date when Host Intrusion Prevention intercepted it. In addition, a generic administrator-specified message can appear.
You can ignore the event by clicking Ignore, or create an exception rule for the event by clicking Create Exception. The Create Exception button is active only if the Allow Client Rules option is enabled for the signature that caused the event to occur.
If the alert is the result of a HIP signature, the exception rule dialog box is prefilled with the name of the process, user, and signature. You can select All Signatures or All Processes, but not both. The user name will always be included in the exception.
If the alert is the result of a NIP signature, the exception rule dialog box is prefilled with the signature name and the host IP address. You can optionally select All Hosts.
.
In addition, you can click Notify Admin to send information about the event to the Host Intrusion Prevention administrator. This button is active only if the Allow user to notify administrator option is enabled in the applied Client UI policy.
Select Do not show any alerts for IPS Events to stop displaying IPS Event alerts. To have the alerts reappear after selecting this option, select Display pop-up alert in the Options dialog box.
|
This intrusion alert also appears for firewall intrusions if a firewall rule is matched that has the Treat rule match as an intrusion option selected. |