Support User Manuals

McAfee 6.1 Marine Radio User Manual

Open as PDF

of 201

63

McAfee

®

Host Intrusion Prevention 6.1 Product Guide IPS Policies

IPS Client Rules

4

Searching for related exceptions

An event may be a false positive, which is a legitimate operation that incorrectly

appears as an intrusion. For false positives you can create an exception and prevent

logging future identical events; however, you may have already created several

exceptions for similar events. Instead of creating a new exception, you might be able

to edit an existing exception to make it apply to the false positive event. Keeping

exceptions organized and few in number makes them easier to manage.

The

Search for Related Exceptions feature enables you to search for existing exceptions

that match one or more attributes that belong to an event. For example, you can search

for exceptions matching the event’s signature or process or both. Alternatively, you can

search for exceptions that are already deployed on the client on which the event

occurred or perhaps those applied to the user associated with the event.

To search for a related exception:

1 Select an event on the

IPS Events tab for which you want to find related exceptions,

and click

Search for Related Exceptions or the toolbar or the shortcut menu.

The

Search IPS Exception Rules search criteria dialog box appears with prefilled

process, signature, and user information.

2 Select the checkbox for each criterion you want to apply. You can edit the values by

clicking

Edit.

3 Click

OK.

The Search IPS Exceptions tab displays the results of the search. See Search IPS

Exception Rules on page 66 for more details on using this search feature.

IPS Client Rules

When clients are in Adaptive mode, client exception rules are created automatically to

allow operations that would otherwise be blocked by administrator-mandated policies.

Client rules can also be created manually, provided the Client UI policy option to allow

manual creation of client rules is enabled. Both automatic and manually-created client

rules appear on the

IPS Client Rules tab. Some or all of the client exception rules

generated on a representative client can be promoted to the general

Exception Rules tab

of a particular IPS Rules policy, allowing for ease in tuning a deployment.

previous next