Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Configuring IPS Policies<br />
Working with IPS Rules policies<br />
8 Click Save to save changes.<br />
Creating signatures<br />
Use this task to create custom host intrusion prevention signatures to protect specific operations.<br />
Task<br />
For option definitions, click ? on the page displaying the options.<br />
1 On the IPS Rules policy Signatures tab, click Add Signature. A blank Signature page<br />
appears.<br />
2 On the signature’s IPS Signature tab, enter a name and select the plat<strong>for</strong>m, severity<br />
level. log status, and whether to allow the creation of client rules.<br />
Figure 5: New Custom Signature—IPS Signature tab<br />
3 On the Description tab, type a description of what the signature is protecting. This<br />
description appears in the IPS Event when the signature is triggered.<br />
4 On the Sub-Rule tab, select either Add Standard Sub-Rule or Add Expert Sub-Rule<br />
to create a rule.<br />
Figure 6: New Custom Signature—Sub-Rules tab<br />
To use Standard method:<br />
The Standard method limits the number of types you<br />
can include in the signature rule.<br />
To use Expert method:<br />
The Expert method, recommended only <strong>for</strong> advanced<br />
users, enables you to provide the rule syntax without<br />
limiting the number of types you can include in the<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong><br />
33