Create a Post
Showing results for 
Search instead for 
Did you mean: 

IPS Exception question

Hi Checkmates,

I recently enabled IPS in detect mode to make sure that I have all false positives removed before enabling in prevent mode.

One of the false positives is coming from a monitoring system, that I want to create an exception for.

The monitoring system detects "Brute force scanning of CIFS ports".

I tried to create a global exception for this:

Protected scope: Monitoring system IP address

Source: Monitoring system IP address

Destination: Any

Protection: "Brute Force scanning of CIFS ports"

Services" microsoft-ds (tcp/445)

Action: inactive

Track: log

I am wondering what is wrong with this global exception as I still see this protection being detected in the log files.

Any help is really appreciated.

0 Kudos
13 Replies
This widget could not be displayed.