Hello,
I have an odd situation that I cannot explain. Has anyone seen it where Intrusion Prevention Policies were not added but some logs indicate that IPS signatures are in use?
i.e.:
Alarm: [SID: 32939] Audit: TeamViewer Remote Access Activity attack blocked.
I have reviewed everything and compared policies/settings against another group that does have IPS. There appears to be some sort of issue where IPS is getting enabled when it shouldn't. Maybe by inheritance, but I trailed this and the policies being inherited do not include IPS.