In Symantec's doscumentation, it suggests that exclusions for IPS can be added for both outbound and inbound traffic. According to technical support, the documentation is inaccurate and exclusions can only be written for inbound. I would like to see outbound exclusions added where I can exclude a local executable by file location, name and hash value. The only other current alternative (as indicated by Symantec) is to disable IPS on the host. This specific exclusion is for a vulnerability scanner.
↧