Stopping an active response – HP t5740 Thin Client User Manual


Stopping an active response

If the agent detects an attack, it triggers an active response. The active response automatically blocks
the IP address of a known intruder for a specific amount of time (from 1 to 2,147,483,647 seconds). The
default amount of time is 10 minutes. If you don’t want to wait the default amount of time to unblock the
IP address, you can stop the active response immediately.

An active response can also be triggered by IPS signatures, which are updated weekly; by denial-of-service
signatures, which can be updated with new builds; by port scans; and by MAC spoofing. However, a
Trojan horse is not considered an attack because it is a program that runs on the same endpoint where
it was detected. It is considered a security alert rather than an attack.

You can stop active responses in the Security log only.

To stop an active response

1. Click Tools > Logs > Security.

2. Select the row for the application or service you want to unblock. Blocked traffic is specified as
   Blocked in the Action column.

3. On the Action menu, click Stop Active Response to block the selected application, or click Stop
   All Active Response if you want to unblock all blocked traffic.

4. When the Active Response dialog box appears, click OK.


Chapter 5 Monitoring and logging
