Knowledge Center

• The IPS Exception Details tabs (Signatures, Users, Processes, and Advanced Details) in the Host Intrusion Prevention 7.0 policy are AND operations together.
• Within the Signatures criteria, the signatures are OR operations together.
• Within the Users criteria, the users are OR operations together.
• Within the Processes criteria, the processes are OR operations together.
• Within the Advanced Details criteria, parameters types that are the "same" are OR operations together.
• Within the Advanced Details criteria, parameters types that are "different" are AND operations together.

Signatures      Signature ####          OR       Signature ####

AND

Users      User1          OR      User2

AND

Processes      Process1          OR      Process2

AND

Advanced Details Parameter1 = value1          OR Parameter1 = value2 AND Parameter2 = value1          OR Parameter2 = value2 AND Parameter3 = value1          OR Parameter3 = value2

1. Log on to the ePO console.
2. Click Menu, Systems, System Tree.
3. Select the node or group this applies to and click the Policies tab.
4. Click Host Intrusion Prevention 7.0.x: IPS from the Product drop-down list.
5. Edit the IPS Rules (All Platforms) policy.
6. Click the Exception Rules tab and click any of the exceptions already created.
   NOTE: The Exception Details mentioned above will display.