I noticed my IME has about 6290 signatures available; but I also notices there are only about 3500 signatures enabled; others are not checked.
I believed they are by default for a brand new IPS. Do anyone know why the rest half of those signatures are not enabled? It seems to me that they should all enabled. Is there any performane issue if I enable them all? Just want to check if anyone sees this and like to get an opinion on this.
The IPS comes preconfigured with a recommended signature set. The other signatures are not enabled for various reasons. They may be for very old vulnerabilities, have benign triggers that require manual filtering, or have performance impact.
It is not recommended that you enable them all due to performance. But if there are particular vulnerabilities you are seeking protection for, you can enable individual sigs without any major performance impact.