When Host Intrusion Prevention 7.0 IPS exceptions are created in ePolicy Orchestrator (ePO) 4.x, the criteria are applied in the following manner:
NOTE: The IPS exception criteria logic also applies to Host IPS 8.0, although the menu/configuration will look different.
- The IPS Exception Details tabs (Signatures, Users, Processes, and Advanced Details) in the Host Intrusion Prevention 7.0 policy are AND operations together.
- Within the Signatures criteria, the signatures are OR operations together.
- Within the Users criteria, the users are OR operations together.
- Within the Processes criteria, the processes are OR operations together.
- Within the Advanced Details criteria, parameters types that are the "same" are OR operations together.
- Within the Advanced Details criteria, parameters types that are "different" are AND operations together.
NOTE: Please refer to the Attachments section at the bottom of this article for a visual representation of the above information.
|
Signatures
Signature ####
OR
Signature ####
|
| AND |
|
Users
User1
OR
User2
|
| AND |
|
Processes
Process1
OR
Process2
|
| AND |
|
Advanced Details
Parameter1 = value1
OR
Parameter1 = value2 |
| AND |
Parameter2 = value1
OR
Parameter2 = value2 |
| AND |
Parameter3 = value1
OR
Parameter3 = value2 |
|
For information on accessing Host Intrusion Prevention Exceptions Rules in ePO 4.x:
-
Log on to the ePO console.
-
Click Menu, Systems, System Tree.
-
Select the node or group this applies to and click the Policies tab.
-
Click Host Intrusion Prevention 7.0.x: IPS from the Product drop-down list.
-
Edit the IPS Rules (All Platforms) policy.
-
Click the Exception Rules tab and click any of the exceptions already created.
NOTE: The Exception Details mentioned above will display.
