Security policy filters act as attack and policy filters. As attack filters, these filters compare packet contents with recognizable header or data content in the attack along with the protocol, service, and the operating system or software the attack affects. These attack filters require deployment knowledge and/or operational policy.
These filters detect traffic, which may or may not be malicious, that meets one of the following criteria:
- Different in its format or content from standard business practice.
- Aimed at specific software or operating systems.
- Contrary to your company security policies.

By default, Security Policy filters are disabled. Configuring security policy filters requires knowledge of the installation network configuration. When enabled, these filters may generate false attack alerts depending on your network or application environment. For example, false alerts could be caused by the following:
- Custom or legacy software that uses standard protocols in non-standard ways.
- Attacks on applications or operating systems that you do not have installed.
- Activities that could be benign or malicious depending on where they originate.

Note: Scan your network hosts before disabling or creating exceptions to specific attack protection filters. Some operating systems install default services which may be vulnerable to attack. If you disable or add an exception to a filter that protects a service that you do not know about, you may increase your network vulnerability.
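
One way to act on the note above, as an added example that is not part of the original documentation: this Python script parses Nmap grepable (`-oG`) scan output and flags proposed filter exceptions whose protected service is actually listening on a scanned host. The filter names, the filter-to-port mapping and the scan data are constructed placeholders, not identifiers from any product.

```python
import re

# Constructed sample of Nmap grepable (-oG) output for two internal hosts.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 192.0.2.10 (app01)\tStatus: Up
Host: 192.0.2.10 (app01)\tPorts: 22/open/tcp//ssh///, 161/open/udp//snmp///, 445/closed/tcp//microsoft-ds///
Host: 192.0.2.20 (legacy01)\tStatus: Up
Host: 192.0.2.20 (legacy01)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///
"""

# Hypothetical change request: filter names and the service each one
# protects are placeholders chosen for this example.
PROPOSED_EXCEPTIONS = [
    {"filter": "EXAMPLE-telnet-policy", "proto": "tcp", "port": 23},
    {"filter": "EXAMPLE-snmp-policy", "proto": "udp", "port": 161},
    {"filter": "EXAMPLE-smb-policy", "proto": "tcp", "port": 445},
]

def parse_open_services(grepable_text):
    """Return {(proto, port): [host, ...]} for ports reported as open."""
    services = {}
    for line in grepable_text.splitlines():
        match = re.match(r"Host: (\S+) .*?\tPorts: (.*)", line)
        if not match:
            continue  # comment lines and "Status:" lines carry no port data
        host, ports_field = match.groups()
        ports_field = ports_field.split("\t")[0]  # drop any trailing fields
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                services.setdefault((fields[2], int(fields[0])), []).append(host)
    return services

def review_exceptions(exceptions, services):
    """Split exceptions into those covering a live service and the rest."""
    risky, clear = [], []
    for exc in exceptions:
        hosts = services.get((exc["proto"], exc["port"]), [])
        (risky if hosts else clear).append({**exc, "hosts": hosts})
    return risky, clear

if __name__ == "__main__":
    risky, clear = review_exceptions(PROPOSED_EXCEPTIONS, parse_open_services(SAMPLE_SCAN))
    for item in risky:
        print(f"KEEP ENABLED {item['filter']}: {item['proto']}/{item['port']} open on {item['hosts']}")
    for item in clear:
        print(f"no listener found for {item['filter']} ({item['proto']}/{item['port']})")
```

A "no listener found" result only covers the hosts and ports included in the scan, so the scan scope should match the network segments the filter protects.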
 
		