IPS is sending copious amounts of alerts for HP.SiteScope.Remote.Code.Execution. I'm curious to know if there is a way to exclude these alerts. We have determined this to be a false report generated from a program required one these handful of machines.
Any help would be greatly appreciated.
In your IPS sensor, there is one part for filters and one for overrides. If you put a specific signature into the overrides section and set the action to "monitor" then this signature will not be re-evaluated in the filter. In your case, you could "exempt" the signature from blocking.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
