Hi Tim,
Livening up this thread (5 years down the track) because I am looking into this at the moment.
The admin guide confirms what you have shared.
It seems to me like they really should update that part of the SmartConsole because the wording gives a false impression that the customer is actually enabling protections in a way that overrides the Profiles General Policy.
That makes it seem pointless..
I've left feedback on the admin guide to clear up the term "activation mode thresholds" because it does not match anything else in the documentation or SmartConsole.
References below.
If a customer wants to guarantee that a vendor that they use is protected by CP IPS (virtual patching) is the solution to avoid "Protections to activate" and instead search for the vendor in the IPS protections, do the research on each protection, and then activate/override accordingly (based on Profile settings?
For example, if I chose VMware and found an IPS protection is inactive in a relevant profile and it is matches a deployed product on site, then I would want to do an override to activate is for the relevant profile.
https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...
"These categories only filter out or add protections that comply with the activation mode thresholds (Confidence, Severity, Performance).
For example, if a protection is inactive because of its Performance rating, it is not enabled even if its category is in ."