IDS exceptions

IDS exceptions allows you to configure advanced filtering options to detect several types of attacks and exploits that might be used to harm your computer.

note

Illustrated instructions

The following ESET Knowledgebase article may only be available in English:

Exclude an IP address from IDS in ESET Smart Security Premium

Columns

Alert Type of alert.

Application – Select the file path of an excepted application by clicking ... (for example C:\Program Files\Firefox\Firefox.exe). Do NOT enter the name of the application.

Remote IP – A list of remote IPv4 or IPv6 address / ranges / subnets. Multiple addresses must be delimited by a comma.

Block Every system process has its own default behavior and assigned action (block or allow). To override default behavior for ESET Smart Security Premium you can select from whether to block or allow it using the drop-down menu.

Notify – Choose whether to display Desktop notifications in your computer. Choose from values Default/Yes/No.

Log – Log events to ESET Smart Security Premium log files. Choose from values Default/Yes/No.

CONFIG_EPFW_IDS_EXCEPTION

Managing IDS exceptions

AddClick to create a new IDS exception.

EditClick to edit an existing IDS exception.

Remove – Select and click if you want to remove an exception from the list of IDS exceptions.

UP_DOWN Top/Up/Down/Bottom Allows you to adjust the priority level of exceptions (exceptions are evaluated from top to bottom).

CONFIG_EPFW_IDS_EXCEPTION_EDIT

example

Example

If you want to display a notification and collect a log any time the event occurs:

1.Click Add to add a new IDS exception.

2.Select particular alert from the Alert drop-down menu.

3.Choose an application path by clicking ... for which you wish to apply this notification.

4.Leave Default in the Block drop-down menu. This will inherit the default action applied by ESET Smart Security Premium.

5.Set both the Notify and Log drop-down menus to Yes.

6.Click OK to save this notification.

example

Example

If you do not want to display a recurring notification you do not consider as threat of a particular type of Alert:

1.Click Add to add a new IDS exception.

2.Select particular alert from the Alert drop-down menu, for example SMB session without security extensions or TCP Port Scanning attack.

3.Select In from the direction drop-down menu in case it is from an inbound communication.

4.Set the Notify drop-down menu to No.

5.Set the Log drop-down menu to Yes.

6.Leave Application blank.

7.If the communication is not coming from a particular IP address, leave Remote IP addresses blank.

8.Click OK to save this notification.