Jerry, unfortunately Poison Ivy encrypts its C&C traffic so the IPS has no visibility into its traffic. If you can supply a pcap of any unique Poison Ivy traffic you are seeing we can investigate the possibility of a signature. http://badishi.com/dec...
Felipe's reply is correct. However, if you do want to write an IPS signature to block a website you can use the following guide to do so: Cisco Intrusion Prevention System Engine Quick Reference - Blocking HTTP Websites http://www.cisco.com/web/about/s...
The IPS comes preconfigured with a recommended signature set. The other signatures are not enabled for various reasons. They may be for very old vulnerabilities, have benign triggers that require manual filtering, or have performance impact. It is n...
That sounds like the correct steps. Those actions subtract only if you specify a custom IP address. By default it will have 0.0.0.0-255.255.255.255 which will not subtract anything. You can see a graphical tutorial of this here: http://popravak.wor...