May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security
SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend
Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!
Mastering Compliance
Unveiling the power of Compliance Blade
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
CPX 2024 Recap
You brought up a good question that I didn't know the answer to, so I checked it in my lab.
It looks like ultimately "Protections to Deactivate" in an IPS-enabled profile will take absolute priority over "Protections to Activate". Example:
Protections to Activate: Tag Threat Year 2014
Protections to Deactivate: Tag Threat Year 2014
Result: All protections tagged with Threat Year 2014 are Inactive
---------
Protections to Activate: Tags Vendor Wordpress & Product Wordpress
Protections to Deactivate: Tag Threat Year 2014
Result: All protections tagged with Threat Year 2014 (including those tagged with Wordpress) are Inactive
Just remember for these additional activations/deactivations to have an effect, the protection must meet the Severity/Performance Impact/Confidence criteria first. So in other words if your IPS profile is set to only enable protections with a Performance Impact of "Medium or Lower", a tag placed under "Protections to Activate" matching an IPS protection with a Performance Impact rating of "High" will NOT forcibly enable that protection in this case.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
