Advisory: Sophos Endpoint - "Your connection isn't private" We're aware of a certificate issue and are actively working to resolve. Please see: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can I disable a single Signature ID within IPS?

We have software that goes out to a distributors website and downloads updates.  Part of these updates is a batch of Word documents in .docx format that have some ActiveX controls in them that are used for automation.  They cannot be removed and are a normal part of their software.  The problem is, for our standard "web access" rule we have enabled the default IPS rule "LAN to WAN" which is blocking this.  In the firewall we have the following:

We have already added the domain that the downloads come from to the exceptions list under Protect -> Web -> Exceptions and also added the same domains to the "Local TLS exclusion list" but we still get the constant (100's per day) logs and emails and I'm assuming IPS ignores these exceptions.

Is there any way to either add a exception for this SignatureID or modify the default  IPS rule or do I have to create a new IPS rule with all the same settings except for "file-office".  I would like the "file-office" stuff to remain, I really only want this one signature ignored, but I don't see how to do that.



This thread was automatically locked due to age.