Internet Security Systems 3.5, Desktop Protector Ignoring Events

Chapter 4: Configuring RealSecure Desktop P rotector

Ignoring Events

You can configure RealSecure Desktop Protector to ignore events that are not a threat to

your system.

Note: Ignoring an event is different from trusting an intruder. Ignoring disregards certain

kinds of events. When an event type is ignored, Desktop Protector does not log any

information about events of that type. Trusting excludes an address from intrusion

detection. Intrusions from that address are not shown on the Events tab.

Ignoring an existing

event type

To ignore an event type:

1. On the Events tab, right-click the event/intruder combination.

2. On the shortcut menu, select Ignore Event.

3. From the submenu, select one of the following:

■This Event: The BlackICE intrusion detection component ignores all future

instances of the event.

■This Event by this Intruder: The BlackICE intrusion detection comp onent ignores

all future instances of this event by the referenced intruder.

4. Click Ye s.

Desktop Protector adds the event to the list of ignored events on the Detection tab in the

BlackICE Settings window.

Ignore an event

type in advance

When you know of a potential event but haven’t seen that type of event yet, and you want

Desktop Protector to allow the event, you can preemptively ignore the event type. For

example, you may want to ignore future HTTP port scans from your Internet Service

Provider. Follow these steps:

1. From the Main Menu, select To ol sÆEdit BlackICE Settings.

2. Select Intrusion Detection.

3. Click Add.

The Exclude from Reporting window appears.

4. Do one of the fo llowing:

■To ignore future events of a specific type, go to Step5.

■To ignore future events from a specific intruder, go to Step6.

5. Select All in the Addresses to Trust area, and then go to Step 8.

6. Type the IP address of the intruder in the IP box.

■Use standard

000.000.000.000

notation.

■If you are specifying a range of IP addresses, place a dash between them. For

example,

192.168.10.23–192.168.10.32

7. In the Attacks to Ignore area, clear the All check box.

The system enables the Name and ID boxes, and disables the Add Firewall Entry

check box.

8. Select the event type in the Name box, or select the event number in the ID box.

9. Click Add.