About CTEP Settings
On the CTEP Settings page (Settings > Threat Protection > CTEP Settings), you can enable Client Traffic Exploit Prevention (CTEP) for your organization as well as create exceptions using allow lists and signature overrides.
CTEP Status
Enable to inspect your organization's traffic for any CTEP violations.

User Notification
Select the user notification you want to display when users visit websites that violate your CTEP policy. You can use the default CTEP notification or create a custom one. If you create a custom notification, ensure the action is set to Block.

When blocked, users will see a similar notification:

Allow List
Under Allow List, you can see the following options:
Source IP Allowlist: The Network Location profiles that contain the source IP addresses you want to bypass from CTEP. Click Edit to add or remove profiles.
Domain Allowlist: The domains, fully qualified domain names (FQDNs), and wildcards you want to bypass from CTEP. Click Edit to enter domains or FQDNs separated by a comma.
Destination IP Allowlist: The Network Location profiles that contain the destination IP addresses you want to bypass from CTEP. Click Edit to add or remove profiles.

Signature Overrides
Under Signature Overrides, you can:
Enable Alert Only Mode to allow all traffic with signature matches and only send alerts. If enabled:
Netskope won't block traffic. Netskope will change any enabled overrides from the Block action to the Alert action.
Netskope won't generate alerts for disabled overrides.
Search for a signature name in the table.
View a list of configured signature overrides. For each override, you can see the following information:
Signature ID: The ID of the signature.
Signature Name: The name of the signature.
Status: The signature is enabled or disabled for matching.
Action: If you enabled signature matching, you can see one of the following actions when a match occurs.
Alert: Netskope allows the traffic and generates an alert in Skope IT.
Block: Netskope blocks the traffic.
Last Edited: The last time the override was edited and by who.
Sort the table by signature name, signature ID, or last edited.
Select at least one override using the checkbox and click Remove to delete it.
Click
to customize table columns or restore the default ones.
Click
to edit or delete an override.
View up to 100 overrides per page.
View multiple pages of the table.

Viewing CTEP Violation Alerts
After configuring the CTEP settings, you then can view the detected CTEP violations on the Skope IT About Alerts page (Skope IT > Alerts). To view the violations, select C2 and CTEP for the Alert Type filter.
