A major element in the tuning process is placing Host Intrusion Prevention agents in Adaptive mode for IPS, firewall, and application blocking, or in Learn mode for firewall and application blocking. These modes allow agents to create client exception rules to administrative policies. Adaptive mode does this automatically without user interaction, while Learn mode requires the user to tell the system what to do when an event is generated.
These modes analyze events first for the most malicious attacks, such as buffer overflow. If the activity is considered regular and necessary for business, client exception rules are created. By setting representative agents in Adaptive or Learn mode, you can obtain a tuning configuration for them. Host Intrusion Prevention then allows you to take any, all or none of the client rules and convert them to server-mandated policies. When tuning is complete, turn off the Adaptive or Learn modes to tighten the system’s intrusion prevention protection.