McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Product Guide: IPS Policies
4. Click Apply, and then click Close.
5. Click Apply on the IPS Options category line.
Configuring the IPS Protection policy
The IPS Protection policy sets the protective reaction for signature severity levels. These
settings instruct clients what to do when an attack or suspicious behavior is detected.
Each signature has one of four severity levels:
High (Red) — Signature of clearly identifiable security threats or malicious actions. These signatures are specific to well-identified exploits and are mostly non-behavioral in nature. Prevent these signatures on every system.
Medium (Orange) — Signature of behavioral activity where applications operate outside their envelope. Prevent these signatures on critical systems, as well as on web servers and SQL servers.
Low (Yellow) — Signatures of behavioral activity where applications and system resources are locked and cannot be changed. Preventing these signatures increases the security of the underlying system, but additional fine-tuning is needed.
Information (Blue) — Signature of behavioral activity where applications and system resources are modified and might indicate a benign security risk or an attempt to access sensitive system information. Events at this level occur during normal system activity and generally are not evidence of an attack.
| Select... | To enable... |
|---|---|
| Enable Host IPS | Host IPS protection. |
| Enable Network IPS | Network IPS protection. |
| Automatically Block Network Intruders | A client to block network intrusion attacks automatically on a host for a set period of time. Select Until removed to block incoming and outgoing traffic on a host until it is manually removed from a blocked list on the client or for (minutes) for a set number of minutes. |
| Retain Blocked Hosts | A client to block a host (IP address) until the parameters set under Automatically Block Network Intruders. If not selected, the host is blocked only until the next policy refresh. |
| Enable Adaptive Mode | A client to generate client rules automatically. |
| Automatically add high-risk applications to the Application Protection list | A client to add applications that are open to code injections, and thus high-risk, automatically to the list of protected applications. |
| Retain Client Rules | A client to retain the client rules it created. |
Note: Policies can be deleted only in the ePolicy Orchestrator Policy Catalog page and only by global administrators.