- Products
- Learn
- Local User Groups
- Partners
- More
The State of Ransomware Q1 2026
Key Trends and Their Impact
Good, Better, Best:
Prioritizing Defenses Against Credential Abuse
AI Security Masters E7:
How CPR Broke ChatGPT's Isolation and What It Means for You
Blueprint Architecture for Securing
The AI Factory & AI Data Center
Call For Papers
Your Expertise. Our Stage
CheckMates Go:
CheckMates Fest
You brought up a good question that I didn't know the answer to, so I checked it in my lab.
It looks like ultimately "Protections to Deactivate" in an IPS-enabled profile will take absolute priority over "Protections to Activate". Example:
Protections to Activate: Tag Threat Year 2014
Protections to Deactivate: Tag Threat Year 2014
Result: All protections tagged with Threat Year 2014 are Inactive
---------
Protections to Activate: Tags Vendor Wordpress & Product Wordpress
Protections to Deactivate: Tag Threat Year 2014
Result: All protections tagged with Threat Year 2014 (including those tagged with Wordpress) are Inactive
Just remember for these additional activations/deactivations to have an effect, the protection must meet the Severity/Performance Impact/Confidence criteria first. So in other words if your IPS profile is set to only enable protections with a Performance Impact of "Medium or Lower", a tag placed under "Protections to Activate" matching an IPS protection with a Performance Impact rating of "High" will NOT forcibly enable that protection in this case.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
