There are a number of different ways that a site can configure and deploy their host-based protection, or moreover, their endpoint security. As a tester, it is a matter of experimentation when it comes to implementing this on our target range. The majority of these products are commercial and you have to get trial versions or request a proof of concept implementation from the vendor. Either way, your ability to deploy this on your network range will be largely dependent on what your client has. This is information that can be obtained during the early stages of your non-intrusive target searching. However, it is usually provided to you at meetings to determine the scope of work, or during the social engineering phase of testing when it is allowed and is in scope.
When the deployed intrusion prevention tool has detected and subsequently blocked attack attempts by an IP address from our tools it is not always a good idea, because we can...