Intrusion Prevention Rules | Trend Micro Service Central

Views:

The Intrusion Prevention Rules screen displays the Intrusion Prevention Rules supported by Apex Central Vulnerability Protection. Intrusion Prevention Rules examine the actual content of network packets (and sequences of packets). Based on the conditions set within the Intrusion Prevention Rule, various actions are then carried out on these packets. These actions include replacing specifically defined or suspicious byte sequences, or completely dropping packets and resetting the connection.

To filter the list of rules, use the Search box to specify full or partial strings that appear in any of the columns.
To sort the list of Intrusion Prevention Rules by column data, click a column heading.
To view detailed Intrusion Prevention Rule Properties, click the link in the Rule Name column of a rule.
To exclude traffic from one or more source endpoints from Vulnerability Protection scanning, click Configure Exceptions and specify the source IP addresses.

Note:
You can add up to 100 entries to the exception list.

Note:

Apex Central automatically imports/updates Intrusion Prevention Rules from the Apex One server during manual or scheduled component updates.

Important:

Each managed product provides different policy settings that you can configure and deploy to policy targets. You can find a complete list of supported managed products and the policy settings for each in the Apex Central Widget and Policy Management Guide.

You can download a PDF version of the guide, or view the guide online, using the following link:

https://docs.trendmicro.com/en-us/enterprise/apex-central.aspx

The following table outlines the rule information that displays on the Intrusion Prevention Rules screen.

Column	Description
Identifier	The unique identifier tag for the Intrusion Prevention Rule
Rule Name	The name of the Intrusion Prevention Rule
Application Type	The Application Type this Intrusion Prevention Rule is grouped under
Severity	The severity level that Trend Micro assigns to the rule Note: The severity of a rule has no effect on how the rule is implemented or applied. Severity levels can be useful as sorting criteria when viewing a list of Intrusion Prevention Rules.
Mode	The network engine detection mode used by the Intrusion Prevention module. Click a mode to configure the setting for the rule.
Type	The type of vulnerability detected: Smart: Known or unknown (for example, zero-day) vulnerability Exploit: Known exploit (usually signature based) for a known vulnerability Vulnerability: Known vulnerability for which one or more exploits may exist
CVE	The Common Vulnerabilities and Exposures (CVE^®) identifier that MITRE assigns to the vulnerability For more information, see http://cve.mitre.org/.
Microsoft	The Common Vulnerabilities and Exposures (CVE^®) identifier that Microsoft assigns to the vulnerability
CVSS Score	The Common Vulnerability Scoring System (CVSS) severity score of the vulnerability according the National Vulnerability Database For more information, see http://nvd.nist.gov/cvss.cfm.
Last Updated	The date and time the rule was last modified