Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Managing Your Protection
Management of policies
• Apply the new policy to a set of computers and monitor the results.
• Repeat this process with each production group type.
Automatic tuning
Automatic tuning removes the need to constantly monitor all events and activities for all users.
• Apply adaptive mode for IPS, Firewall, and Application Blocking policies, or apply learn mode for Firewall and Application Blocking policies.
  • In adaptive mode, IPS events are not triggered and activity is not blocked, except for malicious exploits. Client rules are created automatically to allow legitimate activity.
  • In learn mode, the user receives an alert message and must indicate whether to allow or block an activity. As a result, client rules are created.
• Review the lists of client rules.
• Promote appropriate client rules to administrative policy rules.
• After a few weeks turn off the adaptive or learn mode.
• Monitor the test group for a few days to be sure the policy settings are appropriate and offer the desired protection.
• Repeat this process with each production group type.
Where to find policies
ePolicy Orchestrator provides two locations to view and manage Host Intrusion Prevention policies:
• Systems | System Tree | Policies tab of a selected group in the System Tree
• Systems | Policy Catalog
Policies tab
Use the Policies tab to view the policies of a particular feature of the product, view details of the policy, view inheritance information, edit policy assignment, and edit custom policies or create a new policy relating to a selected group or system.
Policy Catalog
Use the Policy Catalog to create policies, view and edit policy information, view where a policy is assigned, view the settings and owner of a policy, and view assignments where policy enforcement is disabled.
To...               Do this...
Create a policy     Click New Policy, name it, and edit the settings.
Edit a policy       Click Edit (only available for My Default or custom policies).
View a policy       Click View (only available for McAfee Default or preconfigured policies).
Rename a policy     Click Rename and change the name of the policy (not available for default or preconfigured policies).
Duplicate a policy  Click Duplicate, change the name of the policy, and edit the settings.
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0