Configure Intrusion Prevention settings

Intrusion Prevention protects you from attacks when you are online. It scans network traffic for attack signatures, such as social threats and outbound attacks, that identify attempts to exploit vulnerabilities in your operating system or in a program that you use. To keep you secure, Intrusion Prevention discards packets from computers that try to send data with known attack signatures. It blocks connections to those computers.

By default, Intrusion Prevention is turned on. It must be on in order to customize the settings below.

When Intrusion Prevention is turned off, your computer is not adequately protected from Internet threats and security risks.

Configure the amount of time AutoBlock stops connections from attacking computers

AutoBlock stops connections to computers that send data with known attack signatures, even if some data is not malicious. By default, it blocks the connection from attacking computers for 30 minutes.

Configure the time AutoBlock stops connections from attacking computers.

Open your Norton device security product.

If you see the My Norton window, next to Device Security, click Open.
In the Norton product main window, click Settings.
In the Settings window, click Firewall or Network.
Click the Intrusion and Browser Protection tab.
Under Intrusion Prevention, in the Intrusion AutoBlock row, click Configure.
In the Intrusion AutoBlock window, in the drop-down list, select the amount of time that you want to block attacking computers, and then click OK.
In the Settings window, click Close.

Exclude an attack signature from monitoring

Intrusion Prevention uses an extensive list of attack signatures to detect and block suspicious network activity. In some cases, benign network activity may be identified as suspicious, because it has a similar attack signature. If you receive notifications about a possible attack, and you know that the signature that triggers the notifications is safe, you can exclude the signature from monitoring.
For more information about the attacks that Intrusion Prevention blocks, go to the following URL:
https://www.broadcom.com/support/security-center/attacksignatures

Exclude an attack signature from monitoring.

Open your Norton device security product.

If you see the My Norton window, next to Device Security, click Open.
In the Norton product main window, click Settings.
In the Settings window, click Firewall or Network.
Click the Intrusion and Browser Protection tab.
Under Intrusion Prevention, in the Intrusion Signatures row, click Configure.
In the Intrusion Signatures window, uncheck the attack signature that you want to exclude, and then click OK.
In the Settings window, click Close.

Remove trusted devices from the Intrusion Prevention exclusion list

You can exclude trusted devices from Intrusion Prevention scans to reduce the scan time. If you are sure that a device on your network is safe, you can change the trust level of the device to Full Trust and select the Exclude from IPS scanning option to exclude it from Intrusion Prevention scans.

Remove trusted devices from the Intrusion Prevention exclusion list

Open your Norton device security product.

If you see the My Norton window, next to Device Security, click Open.
In the Norton product main window, click Settings.
In the Settings window, click Firewall.
Click the Intrusion and Browser Protection tab.
Under Intrusion Prevention, in the Exclusion List row, click Purge.
In the confirmation dialog box, click Yes.
In the Settings window, click Close.

Exclude a URL or domain from monitoring

With App URL Monitoring turned on, your Norton product monitors all applications that are installed on your computer and block the malicious websites from accessing your computer.
Intrusion Prevention uses an extensive list of attack signatures to detect and block suspicious websites. In some cases, benign websites may be identified as suspicious, because it has a similar attack signature. If you receive notifications about a possible attack, and you know that the website or domain that triggers the notification is safe, you can exclude the signature from monitoring.

Exclude a URL or domain from the alert notification

On the alert notification, click View Details.
In the Security History - Advanced Details window, click Unblock URL.

Exclude a URL or domain using your Norton product

Open your Norton device security product.

If you see the My Norton window, next to Device Security, click Open.
In the Norton product main window, click Settings.
In the Settings window, click Firewall or Network.
Click the Intrusion and Browser Protection tab.
Under Intrusion Prevention, in the App URL Monitoring Exclusions row, click Configure.
Click the Add button and enter the URL or the domain name that you want to exclude from monitoring.
If you want to edit or remove a URL or domain, do the following:
- Select a URL or domain from the list and click the Edit button. Modify the URL or the domain name.
- Select a URL or domain that you want to remove and click the Remove button.

Need more help?