AnsweredAssumed Answered

IPS Exception question

Question asked by Jan de Gier on Mar 11, 2018
Latest reply on Mar 25, 2018 by Jan de Gier

Hi Checkmates,

 

I recently enabled IPS in detect mode to make sure that I have all false positives removed before enabling in prevent mode.

 

One of the false positives is coming from a monitoring system, that I want to create an exception for.

The monitoring system detects "Brute force scanning of CIFS ports".

 

I tried to create a global exception for this:

Protected scope: Monitoring system IP address

Source: Monitoring system IP address

Destination: Any

Protection: "Brute Force scanning of CIFS ports"

Services" microsoft-ds (tcp/445)

Action: inactive

Track: log

 

I am wondering what is wrong with this global exception as I still see this protection being detected in the log files.

 

Any help is really appreciated.

Outcomes