Testing a default IPS policy


Article ID: 178320


Products

Endpoint Protection

Issue/Introduction

 

Resolution

To test the default IPS policy, you must trigger an event on the client computer. Then check the Security log to see whether the client blocked the event.

To test a default IPS policy

  1. Rename an executable file (.exe) so that it has a JPEG extension (.jpg).
  2. Upload the renamed .jpg file to a web server or site.
  3. On the client computer, open a web browser and try to open the renamed .jpg file.
    Note: To open the renamed .jpg file, make sure that you type the IP address of the web server and site. For example, you would type:
    http://<IP address>/<renamed executable file>.jpg
  4. On the client, if the IPS policy works correctly, the following events occur:

  • You should not be able to open the .jpg file.
  • A message from the notification area icon states that the client blocked the .jpg file.
  • You can open the Security log and look for a log entry that states that the client blocked the .jpg file.
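The following is an added example, not part of the original article or the vendor's tooling: a pre-flight check that the file prepared in steps 1 and 2 really is executable content under a .jpg name, plus a helper that classifies what the client received in step 3. It assumes the test depends on the mismatch between the .jpg extension and the Windows PE header; the function names, result labels and sample bytes are hypothetical and constructed for illustration.

```python
import struct

JPEG_MAGIC = b"\xff\xd8\xff"  # start-of-image marker of a genuine JPEG

# Constructed sample: smallest byte string with a DOS "MZ" header whose
# e_lfanew field (offset 0x3C) points at a "PE\0\0" signature. Not runnable.
SAMPLE_PE = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"

def is_pe_image(data: bytes) -> bool:
    # A Windows executable starts with "MZ" and stores the PE header offset at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def check_test_file(name: str, data: bytes) -> str:
    # Steps 1-2: the file must carry a .jpg name but executable content.
    if not name.lower().endswith((".jpg", ".jpeg")):
        return "wrong-extension"   # was never renamed
    if data.startswith(JPEG_MAGIC):
        return "real-jpeg"         # a genuine image gives the policy nothing to block
    if is_pe_image(data):
        return "valid-test-file"
    return "not-executable"        # neither an image nor a PE file

def interpret_download(body) -> str:
    # Steps 3-4: body is what the client received, or None if the request was cut off.
    if not body:
        return "nothing-received"  # consistent with a block; confirm in the Security log
    if is_pe_image(body):
        return "not-blocked"       # the executable content reached the client
    return "inconclusive"          # e.g. the web server returned an error page

if __name__ == "__main__":
    print(check_test_file("setup.jpg", SAMPLE_PE))
    print(interpret_download(None))
    print(interpret_download(SAMPLE_PE))
```

A "nothing-received" result only shows that no content arrived; the Security log entry described above remains the confirmation that the client itself blocked the file.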