You use exceptions to change the behavior of Symantec IPS signatures.
For Windows and Mac computers, you can change the action that the client takes when the IPS recognizes a network signature. You can also change whether the client logs the event in the Security log.
For Windows computers, you cannot change the behavior of Symantec browser signatures; unlike network signatures, browser signatures do not allow custom action and logging settings. However, you can create an exception for a browser signature so that clients ignore the signature.
When you add a browser signature exception, Symantec Endpoint Protection Manager includes the signature in the exceptions list and automatically sets the action to Allow and the log setting to Do Not Log. You cannot customize the action or the log setting.
To change the behavior of a custom IPS signature that you create or import, you edit the signature directly. Custom signatures are supported on Windows computers only.
To create an exception for IPS signatures
In the console, open an Intrusion Prevention policy.
Under Windows Settings or Mac Settings, click Exceptions, and then click Add.
The signatures list populates with the latest LiveUpdate content that the management console downloaded. For Windows computers, the list appears blank if the management server has not yet downloaded the content. For Mac computers, the list always contains at least the built-in signatures, which are installed automatically on your Mac clients.
In the Add Intrusion Prevention Exceptions dialog box, do the following actions to filter the signatures:
(Windows only) To display only the signatures in a particular category, select an option from the Show category drop-down list. If you select Browser Protection, the signature action options automatically change to Allow and Do Not Log.
(Windows and Mac) To display the signatures that are classified with a particular severity, select an option from the Show severity drop-down list.
Select one or more signatures.
To make the behavior for all signatures the same, click Select All.
In the Signature Action dialog box, set the following options and then click OK.
Set Action to Block or Allow
Set Log to Log the traffic or Do not log the traffic.
These options only apply to network signatures. For browser signatures, click OK.
If you want to revert the signature's behavior back to the original behavior, select the signature in the Exceptions list, and then click Delete.