McAfee® Host Intrusion Prevention 6.1 Product Guide
Frequently Asked Questions

What happens to the nodes of the Directory under a node where I assigned a new policy?
All nodes with inheritance enabled for the specific policy category inherit the policy applied to a parent node.

How are the nodes to which a policy is applied affected when the policy is modified?
All nodes to which a policy is applied receive any modification made to the policy at the next agent-server communication, or when an agent wake-up call is run. The policy is then enforced at each policy enforcement interval.

Why isn’t the new Host Intrusion Prevention policy I assigned being enforced?
New policy assignments are not enforced until the next agent-server communication, or until an agent wake-up call is run after the assignment has been made. Also, if the client UI is unlocked with a password, no new policy assignments are enforced.

Can I delegate administration of IPS and firewall policies to different administrators in different geographic locations?
Yes. Host Intrusion Prevention enables you to delegate responsibility for all or individual product features such as IPS or Firewall. Finer granularity of roles within the feature, for example, client management and exception creation, is not supported.

Assign user rights at the site level, one level below the root directory, and the rights are inherited by all nodes under that site. Explicit user permission on nodes below the site level is not supported. To delegate administration by geographic location, designate a geographic location at a site node, and then apply the appropriate user rights.

Can I apply the same security configuration to different systems?
The console tree organizes nodes hierarchically. You assign policies at nodes, so the site-level nodes typically denote profile-based groupings, such as All Servers, All Desktops, IIS Servers, or SQL Servers. This group pattern can be replicated under each site node.

ePolicy Orchestrator enables the creation of policies that are independent of any node, yet shareable across all nodes. When you assign a policy to a node, it is automatically inherited by its children, unless overridden by another policy. You can create a policy matching each profile, such as IIS Server Policy, and apply it to each of the corresponding node groups, such as IIS Servers.

Place a computer with a new Host Intrusion Prevention client in the appropriate profile group so that it is assigned the correct security policies. If this is not possible, you can set the policy for an individual client by modifying the policies at the individual node level. Most inherited policies can be overridden, unless a policy has forced inheritance assigned.

Note: If the ePolicy Orchestrator tree nodes have already been organized to support products whose organization does not suit Host Intrusion Prevention, it may be difficult to reorganize the tree. Because reorganization might break existing policy assignments, knowledge of and permissions over all applicable products are required.
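
The inheritance rules in the answers above, written as a small model for checking which policy a node actually ends up with. This is an added example, not ePolicy Orchestrator code or its API. The Node class, both functions, the node names Site A and web01, and every policy name except IIS Server Policy are assumptions made for illustration, and forced inheritance is modelled simply as "descendants cannot override".

```python
"""Simplified model of the policy inheritance rules described above (not ePO code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    assigned: Dict[str, str] = field(default_factory=dict)  # category -> policy set at this node
    forced: Set[str] = field(default_factory=set)  # categories with forced inheritance set here


def effective_policy(node: Node, category: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (policy, name of the node it comes from) for one policy category."""
    path: List[Node] = []
    cur: Optional[Node] = node
    while cur is not None:          # collect the chain node -> root
        path.append(cur)
        cur = cur.parent
    policy, source = None, None
    for n in reversed(path):        # walk root -> node; nearest assignment wins
        if category in n.assigned:
            policy, source = n.assigned[category], n.name
            if category in n.forced:  # forced inheritance: descendants cannot override
                break
    return policy, source


def shadowed_overrides(nodes: List[Node], category: str) -> List[str]:
    """Nodes with a local assignment that a forced ancestor policy makes ineffective."""
    return [n.name for n in nodes
            if category in n.assigned and effective_policy(n, category)[1] != n.name]


# Constructed sample tree; group names follow the page's examples where possible.
root = Node("Directory", assigned={"IPS": "Default IPS Policy", "Firewall": "Default Firewall Policy"})
site = Node("Site A", root, assigned={"Firewall": "Site A Firewall Policy"}, forced={"Firewall"})
servers = Node("All Servers", site)
iis = Node("IIS Servers", servers, assigned={"IPS": "IIS Server Policy"})
web01 = Node("web01", iis, assigned={"Firewall": "Permissive Test Policy"})
TREE = [root, site, servers, iis, web01]

if __name__ == "__main__":
    for n in TREE:
        print(n.name, effective_policy(n, "IPS"), effective_policy(n, "Firewall"))
    print("ineffective Firewall overrides:", shadowed_overrides(TREE, "Firewall"))
```

In this constructed tree, web01 inherits IIS Server Policy for IPS from its group, while its own Firewall assignment is reported as ineffective because Site A forces its Firewall policy down the tree.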