Hello everyone.  I recently called Symantec support to ask them this, but I don't think the guy gave me the correct information.  In NAV 2009 where you find the Intrusion Prevention Signature Names....

If the box next to a signature is checked, what does it mean?  Does checked mean it's allowed or blocked?

He told me to uncheck anything bad like a trojan/worm that I do NOT want to allow.  And to check any that should be allowed because it's a trusted signature.

That just seems backwards to me on one hand, but then on the other hand it does make sense.  I'm confused and the help docs in NAV are just as confusing.  My list of signatures is really long and there are some scary things in there so I want to make sure it's set up right.

Thanks!