The Intrusion Prevention Rules screen displays the Intrusion Prevention
Rules supported by Trend Micro Apex Central
Vulnerability Protection. Intrusion Prevention Rules examine the actual content of
network
packets (and sequences of packets). Based on the conditions set within the Intrusion
Prevention
Rule, various actions are then carried out on these packets. These actions include
replacing
specifically defined or suspicious byte sequences, or completely dropping packets
and resetting
the connection.
-
To filter the list of rules, use the Search box to specify full or partial strings that appear in any of the columns.
-
To sort the list of Intrusion Prevention Rules by column data, click a column heading.
-
To view detailed Intrusion Prevention Rule Properties, click the link in the Rule Name column of a rule.
-
To exclude traffic from one or more source endpoints from Vulnerability Protection scanning, click Configure Exceptions and specify the source IP addresses.
Note
You can add up to 100 entries to the exception list.
NoteTrend Micro Apex Central
automatically imports/updates Intrusion Prevention Rules from the Apex One server
during manual
or scheduled component updates.
|
ImportantEach managed product provides different policy settings that you
can configure and deploy to policy targets. You can find a complete list of supported
managed
products and the policy settings for each in the Apex Central as a Service Widget and Policy Management
Guide.
You can download a PDF version of the guide, or view the guide online,
using the following link:
|
The following table outlines the rule information that displays on the Intrusion Prevention Rules screen.
Column
|
Description
|
||
Identifier
|
The unique identifier tag for the Intrusion Prevention
Rule
|
||
Rule Name
|
The name of the Intrusion Prevention Rule
|
||
Application Type
|
The Application Type this Intrusion Prevention Rule is
grouped under
|
||
Severity
|
The severity level that Trend Micro assigns to the
rule
|
||
Mode
|
The network engine detection mode used by the Intrusion Prevention
module. Click a mode to configure the setting for the rule.
|
||
Type
|
The type of vulnerability detected:
|
||
CVE
|
The Common Vulnerabilities and Exposures (CVE®) identifier that MITRE assigns to the vulnerability
For more information, see http://cve.mitre.org/.
|
||
Microsoft
|
The Common Vulnerabilities and Exposures (CVE®) identifier that Microsoft assigns to the
vulnerability
|
||
CVSS Score
|
The Common Vulnerability Scoring System (CVSS)
severity score of the vulnerability according the National Vulnerability
Database
For more information, see http://nvd.nist.gov/cvss.cfm.
|
||
Last Updated
|
The date and time the rule was last modified
|