Meaning of "detect" in the Log Subtype in the IPS Report Template

Question

In the Sophos Central Report Generator (IPS Report Template), there is a column for Log Subtype we noticed that most of the values are "drop" however there are a few rows with values "detect". Does this mean did Sophos IPS allowed this traffic? If ever, where can we configure the IPS so that all detected malicious activity will be dropped?

This thread was automatically locked due to age.

Erick Jan · Answer

Hi Gideon Orozco, 
 Thank you for reaching out to Sophos Community. 
 In most cases, there&rsquo;s nothing to do with these alerts. The packet that triggered the alert has been discarded, and the endpoint has been protected. However, if a customer needs to prevent IPS from triggering on specific types of packets or target ports, they can enter an exclusion on the Global Exclusions page. 
 
 Kindly check the following for further details 
 
 Sophos Endpoint IPS: Endpoint IPS Detections explained 
 Deal with IPS Report 
 How to systematically analyze an IPS message?