We have software that goes out to a distributors website and downloads updates. Part of these updates is a batch of Word documents in .docx format that have some ActiveX controls in them that are used for automation. They cannot be removed and are a normal part of their software. The problem is, for our standard "web access" rule we have enabled the default IPS rule "LAN to WAN" which is blocking this. In the firewall we have the following:
We have already added the domain that the downloads come from to the exceptions list under Protect -> Web -> Exceptions and also added the same domains to the "Local TLS exclusion list" but we still get the constant (100's per day) logs and emails and I'm assuming IPS ignores these exceptions.
Is there any way to either add a exception for this SignatureID or modify the default IPS rule or do I have to create a new IPS rule with all the same settings except for "file-office". I would like the "file-office" stuff to remain, I really only want this one signature ignored, but I don't see how to do that.