You can also configure browser intrusion prevention to only log detections, but not block them. You should use this configuration on a temporary basis as it lowers the client's security profile. For example, you would configure log-only mode only while you troubleshoot blocked traffic on the client. After you review the attack log to identify and exclude the signatures that block traffic, you disable log-only mode.
Create exceptions to change the default behavior of Symantec network intrusion prevention signatures
You might want to create exceptions to change the default behavior of the default Symantec network intrusion prevention signatures. Some signatures block the traffic by default and other signatures allow the traffic by default.
You cannot change the behavior of browser intrusion prevention signatures.
You might want to change the default behavior of some network signatures for the following reasons:
Reduce consumption on your client computers.
For example, you might want to reduce the number of signatures that block traffic. Make sure, however, that an attack signature poses no threat before you exclude it from blocking.
Allow some network signatures that Symantec blocks by default.
For example, you might want to create exceptions to reduce false positives when benign network activity matches an attack signature. If you know the network activity is safe, you can create an exception.
Block some signatures that Symantec allows.
For example, Symantec includes signatures for peer-to-peer applications and allows the traffic by default. You can create exceptions to block the traffic instead.
Use audit signatures to monitor certain types of traffic (Windows only)
Audit signatures have a default action of Not log for certain traffic types, such as traffic from instant message applications. You can create an exception to log the traffic so that you can view the logs and monitor this traffic in your network. You can then use the exception to block the traffic, create a firewall rule to block the traffic, or leave the traffic alone.
You can also create an application rule for the traffic.
Exclude specific computers from network intrusion prevention scans
You might want to exclude certain computers from network intrusion prevention. For example, some computers in your internal network may be set up for testing purposes. You might want Symantec Endpoint Protection to ignore the traffic that goes to and from those computers.
When you exclude computers, you also exclude them from the denial of service protection and port scan protection that the firewall provides.