Because many rules can block legitimate traffic in addition to malicious exploits we don't turn them on by default. Each Untangle installation is in a different network, and we do not make any assumptions about your network. Traffic that is considered malicious in one network may be considered necessary in another.
Another thing to keep in mind when using Intrusion Prevention is that many of its rules are specific to software that would be running in a network environment. For example, there are several rules concerning Apache. If you are not running an Apache server in your network, you do not need these rules enabled.
You're free to change the action of all rules to best fit your network, but Untangle recommends a full review of your network before enabling any block rules.