Whilst the Protection Policies that detect incoming exploits are the primary source of IPS detection it is a sad fact that there are now many more incidences of Malware being installed on the end user computers. It gets there by opening what appear to be innocent emails or opening attachments that are tempting offers, or clicking on links in emails or on what appear to be valid web pages. The incoming data is inspected by the Detection engine but the malicious content is not visible, or in itself it is not malicious. What happens is that a piece of code is installed that has the privilege to connect outward and send your personal data, or your activity like Bank connections, back to a command and control centre. The worst kind will setup a communication you cannot see and just copy everything you do to a criminal somewhere in the world. Some of these malwares have the ability to spread through any legitimate connection you then make, to work or a client or to someone one your network at home and that then multiplies out over many thousands of connections.
The Malware Protection Policies are there to detect the communications back out of our system.