Dear all,

We've got one, okay, two little questions on the configuration of vulnerability protection:

Assuming we have a security policy configured with the pre-defined vulnerability protection profile named "strict". From that policy we're getting "LDAP: User Login Brute-force Attempt" (ID 40'005, severity high) log entries from time to time. The action is to drop all packets (because of the rule in place to block all critical, high and medium rated threats). The queries are legitimate and we'd like to tweak the timing attributes for that specific threat ID.

Now the first question is: What happens if we just change the timing values on that threat ID using the little pencil icon without enabling the exception using the "Enable" check box in the first column? Will the new timing values be applied or is it mandatory to also check the Enable checkbox for the change to take effect?

The second question (just to be sure): What action is applied if we'd enable this threat ID in the exceptions tab? Is it correct that the default action for threat ID 40005 (which is set to alert only) would be applied?

Thanks for any clarification.

Regards,
Oliver