I am not talking about enabling. I am referring to the default " Action" parameter. Look up " MS.DirectX.MsVidCtl.ActiveX.Control.Access" for instance. It is the signature for the exploit publicized this week for Direct X exploit that can be used in normal web browsing. The severity level is considered " Critical" , but according to " Predefined" tab, packets utilizing this exploit will be passed by default, unless I specify that the IPS sensor it is enabled in overrides the default action value. My question is, if this exploit is considered " Critical" why isn' t the default action " Drop" ?
----------------(--
Jeff