Changes to IPS Rules settings in Host Intrusion Prevention

As part of the migration process from Host Intrusion Prevention to Endpoint Security Threat Prevention, these settings are removed, moved, renamed, or merged with other settings.

Signatures tab
Host Intrusion Prevention settings Threat Prevention settings
Severity Access Protection policy:
  • Block and Report
Type Does not migrate.
Platform Does not migrate.
Log status Access Protection policy:
  • Report
Client rules Does not migrate.
ID Does not migrate.
IPS Signature
Host Intrusion Prevention settings Threat Prevention settings
Signature name Access Protection policy:
  • Rule: Options: Name
Severity level Does not migrate.
Version Introduced Does not migrate.
Notes, Description Access Protection policy:
  • Notes

    The Migration Assistant merges Notes and Description data from this signature into a single Notes field.

Standard IPS Subrule Properties
Host Intrusion Prevention settings Threat Prevention settings
Name Access Protection policy:
  • Rule: Name

    The subrule name and signature name migrate to the rule name in this format: <IPS Signature name>_<IPS Subrule name>.

Rule type Access Protection policy:
  • Custom Rule: Subrule: Properties: Subrule type
Operations Access Protection policy:
  • Custom Rule: Subrule: Properties: Operations
Parameters Access Protection policy:
  • Custom Rule: Subrule: Properties: Targets (as parameters)
Parameters: Executables Access Protection policy:
  • Custom Rule: Options: Executables
Application Protection Rules tab
Host Intrusion Prevention settings Threat Prevention settings
Status Does not migrate.
Inclusion Status Does not migrate. Is used to determine whether to migrate executables from excluded Application Protection Rules.
Application Protection Rule Properties
Host Intrusion Prevention settings Threat Prevention settings
Name Does not migrate.
Status Does not migrate.
Inclusion Status Does not migrate. Is used to determine whether to migrate executables from excluded Application Protection Rules.
Executables Exploit Prevention policy:
  • Exclusions: Process
Notes Does not migrate.
Executable
Host Intrusion Prevention settings Threat Prevention settings
Name Exploit Prevention policy:
  • Exclusions: Process: Name
File description Does not migrate.
File name Exploit Prevention policy:
  • Exclusions: Process: File name or path
Fingerprint Exploit Prevention policy:
  • Exclusions: Process: MD5 hash
Signer Exploit Prevention policy:
  • Exclusions: Process: Signer
Note Does not migrate.
Exception Rules tab
Host Intrusion Prevention settings Threat Prevention settings
Status Does not migrate. Only enabled exceptions migrate.
Modified Does not migrate.
Exception Name Does not migrate.
First Executable Migrates to one or more of these policies, based on criteria explained in Appendix B, IPS Rules migration:
  • Access Protection policy:
    • Executable
  • Exploit Prevention policy:
    • Process
Modified Does not migrate.
Notes Does not migrate.
Actions Does not migrate.
IPS Exception
Host Intrusion Prevention settings Threat Prevention settings
Exception name Does not migrate.
Status Does not migrate. Only enabled exceptions migrate.
Signatures Does not migrate directly. Is used to migrate to respective Files, Registry, Programs, and Service Rule types. The target is based on criteria explained in Appendix B, IPS Rules migration, under Exceptions.
Parameters: Executable: Type Does not migrate.
Parameters: Executable: Name Migrates to both policies. The target is based on criteria explained in Appendix B, IPS Rules migration, under Exceptions.
  • Access Protection policy:
    • Executable Name or Process Name
  • Exploit Prevention policy:
    • Executable Name or Exclusions: Process Name
Parameters: Executable: File name Migrates to both policies. The target is based on criteria explained in Appendix B, IPS Rules migration, under Exceptions.
  • Access Protection policy:
    • If signature is Custom — Rule: Options: Executable: File Name or Path
    • If signature is Global — Policy: Exclusions: File Name or Path
  • Exploit Prevention policy:
    • Executable: File Name or Path
Parameters: Executable: Fingerprint Migrates to both policies. The target is based on criteria explained in Appendix B, IPS Rules migration, under Exceptions.
  • Access Protection policy:
    • If signature is Custom — Rule: Options: Executable: MD5 Hash
    • If signature is Global — Policy: Exclusions: MD5 Hash
  • Exploit Prevention policy:
    • Exclusions: Executable: MD5 Hash
Parameters: Executable: File description Does not migrate.
Parameters: Executable: Signer Migrates to both policies. The target is based on criteria explained in Appendix B, IPS Rules migration, under Exceptions.
  • Access Protection policy:
    • If signature is Custom — Rule: Options: Executable: Signer
    • If signature is Global — Policy: Exclusions: Signer
  • Exploit Prevention policy:
    • Exclusions: Executable: Signer
Parameters: Executable: Action Does not migrate.
Parameters: Parameters: Domain Group Does not migrate.
Edit Parameter
Host Intrusion Prevention settings Threat Prevention settings
Parameter name Access Protection policy:
  • Subrule: Properties: Targets: Name
Value Access Protection policy:
  • Subrule: Properties: Targets: Value
IPS Protection
Host Intrusion Prevention settings Threat Prevention settings
Reaction based on signature severity level: Reaction Is used with the IPS Rules Severity and Log status settings to determine the target Block/Report setting for Access Protection Rules. The target is based on criteria explained in Appendix B, IPS Rules migration, under Signature-level settings in migrated IPS Rules.