Deep Security can help in these situations via IPS rules which target major vulnerabilities. Determining which rules to apply can be done with minimal effort from the administrator by allowing systems to be scanned and appropriate rules to be applied based on your environment. Once the system is updated, the rules can then also be removed by a Recommendation Scan as well.
Deep Security supports various End of Life (EOL) operating systems such as Microsoft Windows 2000 and Windows 2003. These systems are typically kept in production as they serve a necessary function in a particular line of business. As they are "end of life," these systems will not be updated from the vendors.
In many cases, the systems running these legacy applications are doing so with limited resources. We can optimize the application of IPS rules by preventing certain classes of rules from even being recommended.
We classify these rules under the following Application Types:
- Web Client Common
- Web Client Internet Explorer / Edge
- Microsoft Office
- Web Client Mozilla Firefox
Note: These are general guidelines. This list is not meant to be exhaustive or definitive and every deployment must be evaluated carefully before configuring any exclusions. In addition to Application Types, individual rules can also be excluded for more fine-grained control.
To exclude a specific Application Type from Recommendation scans
These steps can be followed on either Policy or on a specific computer and will ensure you continue to benefit from recommendation scans and have protection against any new vulnerabilities, with all rules in this application type being excluded from the future recommendation scans.
1. Open the Policy (or Computer)
2. In the left pane, click on 'Intrusion Prevention'
3. Click on the 'Assign/Unassign' button
4. Find an IPS Rule that has the Application Type that should be excluded from Recommendation and right click on it. Select 'Application Type Properties' (not 'Application Type Properties (Global)').
5. Click on the 'Options' tab.
6. From the drop-down menu, select 'Yes' and click 'OK'.
7. You may now close any open windows.
Note: If you have not performed any other modifications to settings in the IPS module, the ‘Save’ button will be greyed out. This is normal, no other save actions are required and you may simply close the browser window.