Views:
The Intrusion Prevention Rules screen displays the Intrusion Prevention Rules supported by Trend Micro Apex Central Vulnerability Protection. Intrusion Prevention Rules examine the actual content of network packets (and sequences of packets). Based on the conditions set within the Intrusion Prevention Rule, various actions are then carried out on these packets. These actions include replacing specifically defined or suspicious byte sequences, or completely dropping packets and resetting the connection.
  • To filter the list of rules, use the Search box to specify full or partial strings that appear in any of the columns.
  • To sort the list of Intrusion Prevention Rules by column data, click a column heading.
  • To view detailed Intrusion Prevention Rule Properties, click the link in the Rule Name column of a rule.
  • To exclude traffic from one or more source endpoints from Vulnerability Protection scanning, click Configure Exceptions and specify the source IP addresses.
    Note
    Note
    You can add up to 100 entries to the exception list.
Note
Note
Trend Micro Apex Central automatically imports/updates Intrusion Prevention Rules from the Apex One server during manual or scheduled component updates.
Important
Important
Each managed product provides different policy settings that you can configure and deploy to policy targets. You can find a complete list of supported managed products and the policy settings for each in the Apex Central as a Service Widget and Policy Management Guide.
You can download a PDF version of the guide, or view the guide online, using the following link:
The following table outlines the rule information that displays on the Intrusion Prevention Rules screen.
Column
Description
Identifier
The unique identifier tag for the Intrusion Prevention Rule
Rule Name
The name of the Intrusion Prevention Rule
Application Type
The Application Type this Intrusion Prevention Rule is grouped under
Severity
The severity level that Trend Micro assigns to the rule
Note
Note
The severity of a rule has no effect on how the rule is implemented or applied. Severity levels can be useful as sorting criteria when viewing a list of Intrusion Prevention Rules.
Mode
The network engine detection mode used by the Intrusion Prevention module. Click a mode to configure the setting for the rule.
Type
The type of vulnerability detected:
  • Smart: Known or unknown (for example, zero-day) vulnerability
  • Exploit: Known exploit (usually signature based) for a known vulnerability
  • Vulnerability: Known vulnerability for which one or more exploits may exist
CVE
The Common Vulnerabilities and Exposures (CVE®) identifier that MITRE assigns to the vulnerability
For more information, see http://cve.mitre.org/.
Microsoft
The Common Vulnerabilities and Exposures (CVE®) identifier that Microsoft assigns to the vulnerability
CVSS Score
The Common Vulnerability Scoring System (CVSS) severity score of the vulnerability according the National Vulnerability Database
For more information, see http://nvd.nist.gov/cvss.cfm.
Last Updated
The date and time the rule was last modified