Why can't I unassign intrusion prevention rules?

If you cannot unassign intrusion prevention (IPS) rules from the Computer editor To open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details)., it is likely because the rules are currently assigned in a policy. Rules assigned at the policy level must be removed using the Policy editor To open the Policy editor, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). and cannot be removed at the computer level.

When you make a change to a policy, it affects all computers using the policy. Removing intrusion prevention rules from a policy removes those rules from all computers protected by the policy, not just the computer you are currently dealing with. If you would like these unassigned rules to continue to be applied to other computers, you will need to create a new policy for that group of computers.

To unassign IPS rules from a policy:

1. Go to the Policies page, right-click the policy and click Details.
   
2. Click Intrusion Prevention. Then, under Assigned Intrusion Prevention Rules, click Assign/Unassign.
3. To unassign a rule, deselect it.