Managing individual NIS signatures

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to configure the Network Inspection System (NIS) response policy. NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center (https://go.microsoft.com/fwlink/?LinkId=160624) to help detect and potentially block malicious traffic. You can configure each signature, enable or disable signatures, and set signatures to block or only detect attacks.

You can change the NIS response policy for an individual signature, for groups of signatures, or for the entire system, as described in the following procedures.

To modify the NIS response policy for an individual signature

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. On the details pane of the Network Inspection System (NIS) tab, click the signature that you wish to modify, and then in the Tasks tab, click Configure Properties.

  3. On the General tab, you can change the signature's effective configuration. To override the Microsoft default configuration, click Custom, click Enable, and then select Block from the list.

    Note

    To learn more about this signature, click More information about this signature online.

  4. Click OK, and then on the Apply Changes bar, click Apply.

To modify the NIS response policy for a group of signatures

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. On the details pane of the Network Inspection System (NIS) tab, on the Group by list, select the category according to which you want to group the relevant signatures.

  3. Right-click the group title of the section you want to modify, and click Enable Signature or Disable Signature. (For example, if you grouped the signatures by Severity, right-click Moderate).

  4. On the Apply Changes bar, click Apply.

To modify the NIS response policy for the entire system

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. On the Network Inspection System (NIS) tab, select one of the following from the Tasks pane:

    • Set All Responses to Microsoft Defaults.

    • Set All Responses to Detect Only.

  3. In the Global Response Policy Setting window, select Apply the selected setting to newly downloaded signature sets if you want this setting to apply also to new signatures.

  4. Click OK, and then on the Apply Changes bar, click Apply.

Concepts

Configuring protection from known vulnerabilities