Thanks for this info. I thought there may be really bad attacks in this category.
It’s a managed host, so there are no Windows clients, just this host with a green interface, maybe not a regular scenario for IPS. I hoped I could find a kind of IPS rule whitelist, but I found nothing except for IP whitelisting, which is really hard with mirrorlists…
EDIT:
I solved it in a dirty way, but changing something in the IPS settings in the web UI will revert my settings.
I set “policy” to block in the web UI and set the yum rule in /etc/suricata/rules/ET-emerging-policy.rules to “alert” instead of “drop”.
I tried with templates-custom… but no luck with this.
Tried it on another NethServer VM with red and green interfaces, but the same blocked yum on the blocked “policy” rule.