Filter
Top Products
47
McAfee
®
Host Intrusion Prevention 6.1 Product Guide IPS Policies
IPS Rules policy details
4
Network-based signatures appear in the console in the same list of signatures as the
host-based signatures. They have their own icon in the
Type column and are designated
as
Network IPS in the Signature Properties General dialog box.
Each signature has a description and a default severity level. With appropriate privilege
levels, an administrator can modify the severity level of a signature or disable a
signature.
Every network-based signature has an option to turn logging off, even if the signature
is associated with a
log or prevent reaction due to the effective policy. However, in case
of a
prevent reaction, the operation is prevented, even if no event is logged.
You can create exceptions for network-based signatures; however, you cannot specify
any additional parameter attributes such as operating system user and process name.
Advanced details contains network specific parameters, for example IP addresses,
which you can specify.
Events generated by network-based signatures are displayed along with the
host-based events in the
IPS Events tab and exhibit the same behavior as host-based
events.
Viewing signatures
Host Intrusion Prevention provides three views of signatures on the Signatures tab. The
default listing includes only active signatures. You can also view only disabled
signatures, or a combination of active and disabled signatures.
Note
Network-based custom signatures are not supported.
Figure 4-6 IPS Rules—Signatures tab