Modifying host and network signatures

You can view and modify default signatures on the Signatures tab of the IPS Rules policy. This enables you to change the severity level of the signature if the signature is causing false positives.

To modify default signatures:

  1. Double-click the signature you want to modify.
  2. The Signature Properties dialog box appears.

  3. On the General tab, modify the Severity Level, Allow Client Exceptions, or Log Status settings, and enter notes in the Note box to document the change.
  4. On the Description tab, review what the signature is protecting and what it provides. If there is a link, click it to open a browser page and view more information on the security threat.
  5. Click OK.
  6.  

    You can modify the severity level of several signatures at one time by selecting the signatures and clicking Modify the Severity Level. In the dialog box that appears, select Modified and the new severity level to be applied to the signatures, or select Default to return the signatures to their default severity level. Click OK to save the changes. Severity Level settings include High, Medium, Low, Information, and Disabled.

Copyright © 2006 McAfee, Inc. All Rights Reserved.