Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Index<br />
preconfigured policies (continued)<br />
Application Blocking Rules 71<br />
Client UI 77<br />
Firewall Rules 57<br />
IPS Options 27<br />
IPS Protection 28<br />
Quarantine Options 64<br />
Trusted Applications 82<br />
Trusted Network 81<br />
Property Translator task 21<br />
protocols<br />
tracking, and stateful firewall 49<br />
Q<br />
Quarantine Options policy<br />
about 8, 55<br />
alerts 92<br />
configuring 64<br />
working with 64<br />
quarantine rules<br />
about 8<br />
alerts, responding to 92<br />
configuring 65<br />
creating and editing 66<br />
policies and rules 55<br />
predefined, adding 68<br />
rule groups, creating and editing 66, 67<br />
Quarantine Rules policy<br />
about 8<br />
working with 65<br />
queries, Host IPS<br />
custom, parameters for 14<br />
managing information 13<br />
predefined and custom 14<br />
reports 12<br />
tracking activities 13<br />
Query Builder wizard<br />
Host IPS queries 14<br />
R<br />
reactions<br />
about 26<br />
application blocking alerts, responding to 92<br />
firewall alerts, responding to 91<br />
intrusion alerts, responding to 90<br />
IPS Protection, configuring 28<br />
mapping to IPS severity 11<br />
quarantine alerts, responding to 92<br />
setting, for signature severity levels 29<br />
spoof detected alerts, responding to 92<br />
types of 26<br />
rule groups, Host IPS firewall 50<br />
rules lists<br />
application rules list 96<br />
exceptions for Host IPS 93<br />
firewall rules for Host IPS 95<br />
S<br />
security levels<br />
types of 30<br />
SELinux (See Linux client) 103<br />
server tasks, Host IPS<br />
checking in updates 23<br />
managing deployment 20, 21<br />
Property Translator 21<br />
severity levels, IPS<br />
events and 40<br />
IPS Protection policy 28<br />
mapping to a reaction 11<br />
setting and tuning protection 16<br />
setting reactions for 29<br />
signatures 24<br />
tuning 11, 18<br />
working with signatures 30<br />
signatures<br />
alerts and NIPS signatures 91<br />
configuring IPS Rules policy 32<br />
creating custom host intrusion prevention signatures 33<br />
creating with expert method 33<br />
creating with standard method 33<br />
custom 31<br />
default host IP signatures 31<br />
defined 24<br />
exception rules 26<br />
exception rules list 93<br />
HIPS, about 25<br />
host 31<br />
host and network IPS 22, 24<br />
host IP, and exceptions 90<br />
IPS Rules policy 30<br />
network 31<br />
NIPS, about 25<br />
severity levels 30<br />
severity levels for 28<br />
tuning Host IPS policies 11<br />
types of 31<br />
using the wizard to create 34<br />
working with 30<br />
Solaris client<br />
installation files 100<br />
overview 99<br />
policy enforcement 99<br />
preventing buffer overflow 99<br />
stopping and restarting 101, 102<br />
troubleshooting 100<br />
verifying client is running 100<br />
Spoof Detected alerts 92<br />
state table, firewall<br />
functionality 47<br />
overview 47<br />
stateful filtering 55<br />
stateful filtering<br />
adaptive and learn modes 55<br />
overview 46<br />
state table 55<br />
stateful firewall<br />
how stateful filtering works 48<br />
packet inspection, how it works 49<br />
protocol tracking 49<br />
system management<br />
notifications for Host IPS events 21<br />
server tasks for Host IPS 20, 21<br />
updating Host IPS protection 22<br />
system tray icon<br />
client status indicator 86<br />
disabling a Host IPS feature 79<br />
setting client options 87<br />
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0