For performance reasons, you should have less than 300 intrusion prevention rules assigned to a computer. When an agent is assigned too many intrusion prevention rules, the status of the agent could change to "Agent configuration package too large" and the event message "Configuration package too large" appears.

To minimize the number of required rules, ensure all available patches are applied to the computer operation system and any third-party software that is installed.

1. Apply available patches to the computer operating system.
2. Apply available patches to any third-party software that is installed.
3. Apply only the intrusion prevention rules that a recommendation scan recommends. Remove any rules from the computer or the assigned policy that are recommended for unassignment. (See Manage and run recommendation scans.)
4. If you are managing intrusion prevention at the policy level and the configuration package is still too large, configure intrusion prevention in one of the following ways:
   • Make the policy more granular, so that all servers in that policy have the same operating system and applications.
   • Manage intrusion prevention at the server level so that rules are added and removed automatically for the computer.

Because changes to your environment can affect which rules are recommended, it is best to run recommendation scans on a regular basis (the best practice is to perform recommendation scans on a weekly basis). Trend Micro releases new intrusion prevention rules on Tuesdays, so it is recommended that you schedule recommendation scans shortly after those releases. The use of system resources, including CPU cycles, memory, and network bandwidth, increases during a recommendation scan so it's best to schedule the scans at non-peak times.

To resolve the error "too many application types apply to port", refer to this KB article.

Performance tips for intrusion prevention

Check scan results and manually assign rules