When Host Intrusion Prevention 8.0 IPS exceptions are created in ePolicy Orchestrator (ePO) 5.x, the criteria are applied in the following manner:
NOTE: The IPS exception criteria logic also applies to Host IPS 8.0, although the menu/configuration looks different.
- The IPS Exception Details tabs (Signatures, Users, Processes, and Advanced Details) in the Host Intrusion Prevention 8.0 policy are combined with AND.
- Within the Signatures criteria, the signatures are combined with OR.
- Within the Users criteria, the users are combined with OR.
- Within the Processes criteria, the processes are combined with OR.
- Within the Advanced Details criteria, parameter types that are the "same" are combined with OR.
- Within the Advanced Details criteria, parameter types that are "different" are combined with AND.
NOTE: See the Attachments section at the bottom of this article for a visual representation of the above information.
| Exception Details tab | Criteria within the tab |
|---|---|
| Signatures | Signature #### OR Signature #### |
| AND | |
| Users | User1 OR User2 |
| AND | |
| Processes | Process1 OR Process2 |
| AND | |
| Advanced Details | (Parameter1 = value1 OR Parameter1 = value2) AND (Parameter2 = value1 OR Parameter2 = value2) AND (Parameter3 = value1 OR Parameter3 = value2) |
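
The AND/OR rules above, written out as a small evaluator. This is an added example, not McAfee code. The dictionary layout, the parameter names (`files`, `operation`), the signature IDs, exact string comparison, and treating an empty tab as "no restriction" are all assumptions made for illustration.

```python
from collections import defaultdict

def any_of(allowed, actual):
    # Entries inside one tab are ORed.
    # Assumption: an empty tab places no restriction on the event.
    return not allowed or actual in allowed

def advanced_match(params, event_params):
    # params: (name, value) pairs as entered on the Advanced Details tab.
    by_type = defaultdict(set)
    for name, value in params:
        by_type[name].add(value)
    # Same parameter type: OR. Different parameter types: AND.
    return all(event_params.get(name) in values
               for name, values in by_type.items())

def exception_matches(exc, event):
    # The four Exception Details tabs are ANDed together.
    return (any_of(exc.get("signatures", []), event["signature"])
            and any_of(exc.get("users", []), event["user"])
            and any_of(exc.get("processes", []), event["process"])
            and advanced_match(exc.get("advanced", []), event.get("params", {})))

# Constructed sample exception and event (placeholder IDs, users and paths).
EXC = {
    "signatures": [1001, 1002],
    "users": ["CORP\\alice", "CORP\\bob"],
    "processes": ["backup.exe"],
    "advanced": [("files", r"C:\data\a.db"), ("files", r"C:\data\b.db"),
                 ("operation", "write")],
}
EVENT = {"signature": 1002, "user": "CORP\\bob", "process": "backup.exe",
         "params": {"files": r"C:\data\b.db", "operation": "write"}}

def demo():
    wrong_op = {"files": r"C:\data\a.db", "operation": "delete"}
    return {
        "all tabs match": exception_matches(EXC, EVENT),
        "user not listed": exception_matches(EXC, {**EVENT, "user": "CORP\\eve"}),
        "operation differs": exception_matches(EXC, {**EVENT, "params": wrong_op}),
    }

if __name__ == "__main__":
    for case, excepted in demo().items():
        print(f"{case}: exception applies = {excepted}")
```

Adding another entry of the same kind widens the exception, while adding a different parameter type narrows it, which is worth checking whenever an exception is edited.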
To access Host Intrusion Prevention Exception Rules in ePO 5.x:
- Log on to the ePO console.
- Click Menu, Systems, System Tree.
- Select the node or group to which the rule is applicable, and click the Policies tab.
- Click Host Intrusion Prevention 8.0.x: IPS from the Product drop-down list.
- Edit the IPS Rules (All Platforms) policy.
- Click the Exception Rules tab and click any of the exceptions already created.
NOTE: The Exception Details tabs mentioned above are displayed.