I need a solution
Hello,
we're using sep 14.x with activated sep firewall on our W7 Systems. Now I'm just wondering about, why a detected port scan does not trigger an automatic block of the attackers IP address. Could anyone tell me when a logged port scan detection triggers an automatic block and when not. My understandig is, if there is an detected port scan then, if its enabled, IPS is generatig an active response, which means blocking the attackers IP address for a period of time.
till August, 14th this works fine, since then no attackers IPs where blocked anymore. Why?
Thanks in advance for useful suggestions ;-)
Matthias.
See attachments
With block: 2018-08-21 09_55_37-Symantec.png
Without block: 2018-08-21 09_57_04-Symantec.png
0