ESET Online Help

Search English
Select the topic

IDS rules

Intrusion Detection System (IDS) may detect communication between routers or other internal networking devices as a potential attack. For example, you can add the known safe address to the Addresses excluded from IDS zone to bypass the IDS.

The IDS rules editor enables you to customize network protection behavior based on various IDS rules, which are evaluated from top to bottom.

The first matching rule is applied separately for each action type (Block, Notify, Log). Top/Up/Down/Bottom allows you to adjust the priority level of rules. Click Edit to modify an existing IDS rule or Delete to remove it.

Click Add to create a new IDS rule:

Detection—Type of detection.

Threat name—You can specify a threat name for some of the detections available.

Application—Select the file path of an excepted application by clicking ... (for example C:\Program Files\Firefox\Firefox.exe). Do NOT type the name of the application.

Remote IP address—Specify a list of IP addresses (IPv4 or IPv6) or subnets. For multiple entries use comma as a delimiter.

Profile—You can choose a network connection profile to which this rule will apply.

Tab Exclusions will be displayed if an administrator creates IDS rules in ESET PROTECT On-Prem Web Console. IDS rules that contain exclusions are evaluated before other IDS rules.

Configure Action type for IDS rule by selecting one of the options from the drop-down menu. The available values are Default/Yes/No.

Block—If want a notification to be displayed in case of an IDS rule alert, as well as have the time of the event logged, leave the Block action type Default.

Notify—Select Yes to display Desktop notifications.

Log—Select Yes to log events to ESET Security for Microsoft SharePoint log files.