Filter
Top Products
65
McAfee
®
Host Intrusion Prevention 6.1 Product Guide IPS Policies
IPS Client Rules
4
Aggregated View
In the Aggregated View, you can aggregate client rule exceptions based on signature,
user, process, status, reaction, and node to determine the frequency of similar
exception rules created on all clients.
Manage exceptions that appear on the
IPS Client Rules tab with the Aggregated View
feature. This view enables you to combine exceptions that have the same attributes,
so that only one aggregated exception appears, while keeping track of the number of
times the exceptions occur. This information enables you to fine-tune a deployment,
possibly transferring some of the client exception rules to administrator-mandated
exception rules to reduce false positives for a particular system environment.
Aggregated exceptions appear in blue text and have a number in the
Count column. To
aggregate exceptions you select aggregation criteria while viewing exceptions.
To aggregate client rules:
1 Click the
Aggregate View tab on the IPS Client Rules tab.
2 In the Aggregate Client Rules dialog box, select the criteria for aggregating the client
rule exceptions. Options include:
Signature, User, Process, Enabled, Reaction, and Node.
3 Click
OK.
A list of signatures and the number of exception rules created for each appears.
4 Select a row and click
Show Individual Rules to see details of each exception rule
associated with the selection.
Your are returned to the
Regular View tab with details on each rule in the aggregated
set.
Figure 4-20 IPS Client Rules—Aggregated View based on process