McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Product Guide (page 138)
9 Host Intrusion Prevention Client: Windows client
You can ignore the event by clicking Ignore, or create an exception rule for the event by clicking Create Exception. The Create Exception button is active only if the Allow Client Rules option is enabled for the signature that caused the event to occur.

If the alert is the result of a HIP signature, the exception rule dialog box is prefilled with the name of the process, user, and signature. You can select All Signatures or All Processes, but not both. The user name will always be included in the exception.

If the alert is the result of a NIP signature, the exception rule dialog box is prefilled with the signature name and the host IP address. You can optionally select All Hosts.

In addition, you can click Notify Admin to send information about the event to the Host Intrusion Prevention administrator. This button is active only if the Allow user to notify administrator option is enabled in the applied Client UI policy.

Select Do not show any alerts for IPS Events to stop displaying IPS Event alerts. To have the alerts reappear after selecting this option, select Display pop-up alert in the Options dialog box.
Note: This intrusion alert also appears for firewall intrusions if a firewall rule is matched that has the Treat rule match as an intrusion option selected.

Firewall alerts

If you enable firewall protection and the Learn mode for either incoming or outgoing traffic, a firewall alert appears. The Application Information tab displays information about the application attempting network access, including application name, path, and version. The Connection Information tab displays information about the traffic protocol, address, and ports.

To respond to a firewall Learn Mode alert

1 On the Application Information tab of the alert dialog box, do one of the following:
    Click Deny to block this and all similar traffic.
    Click Allow to permit this and all similar traffic through the firewall.
2 Optional: On the Connection Information tab, select possible options for the new firewall rule:

Select...: Create a firewall application rule for all ports and services
To do this...: Create a rule to allow or block an application’s traffic over any port or service. If you do not select this option, the new firewall rule allows or blocks only specific ports:
    If the intercepted traffic uses a port lower than 1024, the new rule allows or blocks only that specific port.
    If the traffic uses port 1024 or higher, the new rule allows or blocks the range of ports from 1024 to 65535.

Select...: Remove this rule when the application terminates
To do this...: Create a temporary allow or block rule that is deleted when the application is closed. If you do not select this option, the new firewall rule is created as a permanent client rule.
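
The following added example (not code from the product or the guide) models the scope of the client rule that a Learn Mode response creates, using only the port and permanence behavior described above, so you can see which later traffic a single Allow or Deny click also decides. The names ClientRule, rule_from_alert and covered_by, the application paths, and the sample connections are assumptions constructed for illustration; matching is modeled on application path and port only.

```python
from dataclasses import dataclass

WELL_KNOWN_LIMIT = 1024  # boundary stated in the guide
MAX_PORT = 65535


@dataclass(frozen=True)
class ClientRule:
    """Hypothetical model of a Learn Mode client rule (not the product's format)."""
    app_path: str
    action: str       # "allow" or "deny"
    port_low: int
    port_high: int
    permanent: bool   # False: rule is deleted when the application closes

    def matches(self, app_path, port):
        return app_path == self.app_path and self.port_low <= port <= self.port_high


def rule_from_alert(app_path, port, action, all_ports=False, remove_on_exit=False):
    """Derive the rule scope from the alert response and the two optional checkboxes."""
    if action not in ("allow", "deny"):
        raise ValueError("action must be 'allow' or 'deny'")
    if not 0 <= port <= MAX_PORT:
        raise ValueError("port out of range")
    if all_ports:                      # "all ports and services" selected
        low, high = 0, MAX_PORT
    elif port < WELL_KNOWN_LIMIT:      # only that specific port
        low = high = port
    else:                              # whole range 1024-65535
        low, high = WELL_KNOWN_LIMIT, MAX_PORT
    return ClientRule(app_path, action, low, high, permanent=not remove_on_exit)


def covered_by(rule, connections):
    """Return the connections this rule decides without a further alert."""
    return [(app, port) for app, port in connections if rule.matches(app, port)]


# Constructed sample data: application paths and ports are illustrative only.
APP = r"C:\Program Files\Example\updater.exe"
OTHER = r"C:\Program Files\Example\other.exe"
SAMPLE = [(APP, 8080), (APP, 4444), (APP, 443), (OTHER, 8080)]

if __name__ == "__main__":
    rule = rule_from_alert(APP, 8080, "allow")
    print(rule)
    for app, port in covered_by(rule, SAMPLE):
        print("decided by rule without a prompt:", app, port)
```

In this model, an Allow answered for traffic on port 8080 yields a permanent rule that also covers port 4444 for the same application, which is worth keeping in mind when reviewing client rules created in Learn mode.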