Upgrade for Free
Cybercrime is evolving. So is your protection. *Offer for existing members for the remainder of your subscription. Terms apply.
Configure Intrusion Prevention settings
Applicable for: Windows
Intrusion Prevention helps protect you from attacks when you are online. It scans network traffic for attack signatures that identify attempts to exploit vulnerabilities in your operating system or a program you use. Intrusion Prevention discards packets from computers that try to send data with known attack signatures to help keep you secure. It blocks connections to those computers.
You can turn on the following Intrusion Prevention settings to customize how online attacks are handled:
-
Intrusion Signatures
Scans for attack signatures when a connection attempt is made by the attacker from a remote computer. Intrusion Prevention relies on a list of attack signatures to detect and block suspicious activities.
If you turn off this setting, your Norton product stops checking for attack signatures when a connection attempt is made.
-
Remote Access Protection
Helps prevent attackers from using the Windows Remote Desktop feature to gain unauthorized access to your computer.
-
RDP protection: Remote Desktop Protocol (RDP) allows a remote connection to access your PC. Remote Access Protection monitors RDP connections to block threats when RDP protection is enabled.
-
File and printer sharing (Samba) protection: Samba (SMB) allows a remote connection to share files in a network. Remote Access Protection monitors SMB connections to block threats when this option is enabled.
-
Block brute-force attacks: Prevents attacks made to crack the Remote Desktop password.
-
Block malicious IP addresses: Prevents malicious IP addresses from being used for Remote Desktop connections.
-
Block Remote Desktop exploits: Prevents attempts made through common Remote Desktop exploits.
-
Receive Notifications
You can choose whether to receive notifications each time Norton detects and blocks a threat with Intrusion Prevention. Sometimes, you may receive repeated notifications about possible attacks.
If you choose not to receive notifications, you can still view Intrusion attacks that your Norton product blocked in the Security History. The Security History entries include information about the attacking computer and the attack.
View the connection requests blocked by Intrusion Prevention
-
Open your Norton device security product.
-
On the left pane, click Security.
-
Navigate to Advanced Security > Network > Intrusion Prevention > Settings.
-
In the Intrusion Prevention window, click the Connection Attempts tab.
You can view the list of connections that are blocked.
Exclude a device from Intrusion Prevention scans
If you receive notifications about a possible attack and know that the device that triggers the notification is safe, you can exclude it from monitoring. You can exclude trusted devices from Intrusion Prevention scans to help reduce the scan time.
You use the computer's IP address or MAC address to exclude it from Intrusion Prevention scans.
-
Open your Norton device security product.
-
On the left pane, click Security.
-
Navigate to Advanced Security > Network > Intrusion Prevention > Settings.
-
In the Intrusion Prevention window, click the Exclusions tab.
-
Click Add.
-
In the Add Exclusion window, enter the connecting device's IP address or MAC address, and click Add Exclusion.
You can also enter an IP address range separated by a hyphen.
Remove devices from the Intrusion Prevention exclusion list
If you are suspicious about a device you excluded from Intrusion Prevention scans earlier, you can remove it from the exclusion list.
-
Open your Norton device security product.
-
On the left pane, click Security.
-
Navigate to Advanced Security > Network > Intrusion Prevention > Settings.
-
In the Intrusion Prevention window, click the Exclusions tab.
-
Click the remove X icon next to the IP address you want to remove.
Need more help?
Last modified: 06/17/2025
Was this article helpful?