Knowledge Center

Default Exploit Prevention actions taken based on signature severity level with Endpoint Security and Host Intrusion Prevention
Technical Articles ID:   KB90369
Last Modified:  3/12/2018


McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee Host Intrusion Prevention (Host IPS) 8.0


The following tables show the default actions that Exploit Prevention takes when a signature is triggered based on the signature severity level and the protection mode.

Product      ENS 10.2.x      ENS 10.5.x and later
Protection Mode Standard      Maximum Default Protection Mode
Action Block Report Block Report Block Report
Signature Severity Level Disabled No No No No No No
Informational No No No No No No
Low No No No No No No
Medium No No Yes Yes No No
High Yes Yes Yes Yes Yes Yes

Host IPS:
Product      Host IPS
Protection Mode Basic Protection      Enhanced Protection      Maximum Protection
Action Prevent or Ignore Prevent or Ignore Prevent or Ignore
Signature Severity Level Disabled Ignore Ignore Ignore
Informational Ignore Ignore Ignore
Low Ignore Ignore Prevent
Medium Ignore Prevent Prevent
High Prevent Prevent Prevent

Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States
Spanish Spain

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.