Filter
Top Products
140
McAfee
®
Host Intrusion Prevention 6.1 Product Guide Host Intrusion Prevention Client
Windows client
9
Quarantine alerts
If you enable Quarantine mode and include the IP address of the client for quarantine
enforcement in the
Quarantine Options policy, a quarantine alert appears in the following
situations:
Changing the client computer’s IP address
Disconnecting and then reconnecting the client Ethernet connection
Restarting the client
Spoof Detected alerts
If you enable the IPS feature, this alert automatically appears if Host Intrusion
Prevention detects an application on your computer sending out spoofed network
traffic. This means that the application is trying to make it seem like traffic from your
computer actually comes from a different computer. It does this by changing the IP
address in the outgoing packets. Spoofing is always suspicious activity. If you see this
dialog box, immediately investigate the application that sent the spoofed traffic.
The
Spoof Detected Alert dialog box is very similar to the firewall feature’s Learn Mode alert.
It displays information about the intercepted traffic on two tabs — the
Application
Information
tab, and the Connection Information tab.
The
Application Information tab displays:
The IP address that the traffic pretends to come from.
Figure 9-5 Application Blocking creation and hooking alerts
Figure 9-6 Quarantine alert
Note
The Spoof Detected Alert dialog box appears only if you select the Display pop-up alert
option. If you do not select this option, Host Intrusion Prevention automatically blocks
the spoofed traffic without notifying you.