Filter
Top Products
56
McAfee
®
Host Intrusion Prevention 6.1 Product Guide IPS Policies
IPS Events
4
Editing Application Protection Rules
You can view and edit the properties of an existing application rule, changing its
inclusion status from include to exclude and vice versa.
To edit application rule properties:
1 On the
Application Protection Rules tab, select an application and click Properties on the
toolbar or shortcut menu; or, double-click the selected trusted application.
The
Application Protection Rules Properties dialog box appears.
2 Modify any data on the two tabs, and then click
OK.
Enabling and disabling Application Protection Rules
Instead of deleting application rules not in use, you can disable them temporarily, and
later enable them to put them into effect.
To disable/enable an application rule:
1 On the
Application Protection Rules tab, select the enabled rule you want to disable or
the disabled one you want to enable.
2 Click
Disable or Enable on the toolbar or shortcut menu.
The status of the application on the
Application Protection Rules tab changes
accordingly.
Deleting Application Protection Rules
To permanently delete an application protection rule, select it on the Application
Protection Rules
tab, and then click Delete on the toolbar or the shortcut menu. The rule is
removed from the tab.
IPS Events
An IPS event is triggered when a security violation, as defined by a signature, is
detected. For example, Host Intrusion Prevention compares the start of any application
against a signature for that operation, which may represent an attack. If a match occurs,
an event is generated. If not, perhaps because of an exception to the signature or if the
application has been designated as trusted, no event is generated.
When Host Intrusion Prevention recognizes an IPS event, it flags it on the
IPS Events tab
with one of four severity level criteria:
High, Medium, Low, and Information.
Note
When two events are triggered by the same operation, the highest reaction is taken.