Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Managing Your Protection<br />
Management of in<strong>for</strong>mation<br />
Application Blocking Client Rules<br />
Firewall Client Rules<br />
• Non-IP Protocol<br />
• Process Eval Option<br />
• Process Name<br />
• Process Path<br />
• Props schema ID<br />
• Reaction<br />
• Remote Address<br />
• Remote Address Type<br />
• Remote Service<br />
• Rule Name<br />
• Start Time<br />
• Switch When Expired<br />
• Time Restriction<br />
• Time Task<br />
IPS Client Rules<br />
In addition, you can create queries using these <strong>Host</strong> IPS properties:<br />
• Agent type<br />
• Firewall Status<br />
• Application Blocking Adaptive Mode Status • IPS Status<br />
• Application Blocking Learn Mode Status • Install Directory<br />
• Application Blocking Status • IPS Adaptive Mode Status<br />
• Blocked Attackers<br />
• Language<br />
• Client Version • Local Exception Rule Count<br />
• Content Version<br />
• NIPS Status<br />
• Firewall Adaptive Mode Status • Plug-in Version<br />
• Firewall Inbound Learn Mode Status • <strong>Product</strong> Status<br />
• Firewall Outbound Learn Mode Status • Service Running<br />
• Firewall Rule Count<br />
Pre-defined queries<br />
Select from these <strong>Host</strong> IPS queries:<br />
HIP Query<br />
App Block Create Status<br />
App Block Hook Status<br />
Client Versions<br />
Content Versions<br />
Firewall Status<br />
<strong>Host</strong> IPS Status<br />
Service Status<br />
Count of AB Client rules<br />
Count of FW Client Rules<br />
Summary<br />
Displays where Application Blocking Creation is enabled on managed systems.<br />
Displays where Application Blocking Hooking is enabled or disabled on managed systems.<br />
Displays top three client versions with a single category <strong>for</strong> all other versions.<br />
Displays top three content versions with a single category <strong>for</strong> all other versions.<br />
Displays where Firewall protection is enabled or disabled on managed systems.<br />
Displays where IPS protection is enabled or disabled on managed systems.<br />
Displays where <strong>Host</strong> IPS is installed and an update has occurred in the last week on<br />
managed systems.<br />
Displays the number of Application Blocking client rules created over time.<br />
Displays the number of Firewall client rules created over time.<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong><br />
15