Filter
Top Products
103
7
General Policies
The General feature of Host Intrusion Prevention provides access to policies that are
general in nature and not specific to one feature.
This section describes the General feature and includes the following topics:
Overview
Configuring Enforce Policies
Configuring the Client UI policy
Configuring the Trusted Networks policy
Configuring the Trusted Applications policy
Overview
General policies apply to IPS and firewall settings and take precedence over settings in
individual IPS and firewall policies.
The
Enforce Policies policy is the basic on/off switch for enforcing Host Intrusion
Prevention administrative policies on the client.
The
Client UI policy determines which options are available to a client computer with a
Host Intrusion Prevention client, including whether the client icon appears in the
system tray, types of intrusion alerts, and passwords for access to the client interface.
The
Trusted Networks policy lists IP addresses and subnets that are safe for
communication. Trusted networks can include subnets, individual IP addresses, or
ranges of IP addresses. Marking networks as trusted eliminates or reduces the need
for IPS exceptions and additional firewall rules.
The
Trusted Applications Rules policy lists applications that are safe, have no known
vulnerabilities, and are allowed to perform any operation. Marking applications as
trusted eliminates or reduces the need for IPS exceptions and additional firewall and
application blocking rules. Like the
IPS Rules policy (see Configuring the IPS Rules policy
on page 41), this policy category can contain multiple policy instances.
Settings for
Trusted Networks and Trusted Applications policies can reduce or eliminate
false positives, which aids in tuning a deployment.