Kerio Control is able to log and block traffic from IP addresses of known intruders (so-called blacklists). Such method of detection and blocking of intruders is much faster and also less demanding than detection of the individual intrusion types. However, there are also disadvantages. Blacklists cannot include IP addresses of all possible intruders. Blacklists may also include IP addresses of legitimate clients or servers. Therefore, you can set the same actions for blacklists as for detected intrusions.
For correct functionality of the intrusion detection system, update databases of known intrusions and intruder IP addresses regularly.
Under normal circumstances there is no reason to disable automatic updates — non-updated databases decrease the effectiveness of the intrusion prevention system.