McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Product Guide: Frequently Asked Questions
Can I view or edit the policies applicable to a specific node or client?
Yes. Host Intrusion Prevention policies have specific categories, such as IPS Rules and
IPS Protection, each providing specific settings. Under each Host Intrusion Prevention
feature, you can see the categories for the selected node on the Policies tab. Each
category displays the name of its assigned policy (or policies). Most categories, like IPS
Protection, display a single policy, while the IPS Rules and Trusted Applications
categories display one or more policy instances. To view the details of each policy, click
the name of the policy.
How do I view all available policies and the nodes they are assigned to?
The ePolicy Orchestrator tree has a Policy Catalog node, which displays the list of all
policies in each category with a count of their assignments. Click the count value to
display a list of all nodes where the policy is directly assigned. The count does not
include nodes where the policy has been inherited.
How do I view IPS events triggered by clients?
ePolicy Orchestrator does not have its own event viewer, so events are handled by the
Host Intrusion Prevention IPS Events tab within the IPS Rules policy. To view the list
of events associated with a selected node, click the Policies tab, and then click the IPS
Events link. The IPS Events tab displays the combined set of IPS events generated by
clients under the selected node for a specific number of days. The view automatically
refreshes as new events are triggered, and offers these operations:
- Sorting events on a single attribute and filtering on various attributes.
- Viewing event details.
- Marking events as read or hidden, and displaying the events in combinations of
  read, unread, and hidden events.
- Creating exceptions or trusted applications based on events.
How do I create an exception based on an IPS Event?
Select a single event in the IPS Events tab and click Create Exception. A pre-filled New
Exception dialog box based on the original event appears. A tab in the New Exception
dialog box displays a list of target IPS Rules Policy instances into which you will place
this Exception upon creation.
Note: The new exception can only be placed in an existing policy that can be edited.
- Apply an exception to a specific client or to multiple clients - the target policy for an
  exception can be a specific client policy, or one that fits a common profile. However, all
  policies are shareable by default, and appear in the assignment list for each node. It is
  recommended that a small number of policies be carefully created and maintained, so
  that they can collectively satisfy the needs of all clients.
- Instead of creating a new exception, you can search for and edit an existing exception
  with similar attributes in an existing policy with the Search Related Exceptions
  functionality.
How do I refine IPS Rules policies with automated tuning mechanisms?
Host Intrusion Prevention provides an adaptive mode option, which allows clients to
automatically and silently create client rules that allow blocked but non-malicious
activity to occur. After clients have been in adaptive mode for a time, an administrator
can do the following: