Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Configuring IPS Policies Working with IPS Rules policies Configuring IPS Rules signatures Use this task to edit default signatures; create, edit or delete custom signatures; and move signatures to another policy. Task For option definitions, click ? on the page displaying the options. 1 On the Policy Catalog page, select Host Intrusion Prevention: IPS on the Product list and select IPS Rules on the Category list. The list of policies appears. 2 Under Actions, click Edit to make changes on the IPS Rules page, then click the Signatures tab. 3 Use the filters at the top of the signatures list to filter the view of all signatures in the policy. You can filter on signature severity, type, platform, log status, whether client rules are allowed, or specific text that includes signatures’ name, notes, or content version. Click Clear to remove filter settings. Figure 4: IPS Signatures tab 4 Under Actions, click Edit for the signature you want to modify. • If the signature is a default signature, modify the Severity Level, Client Rules, or Log Status settings, and enter notes in the Note box to document the change. Click OK to save any modifications. Edited default signatures can be reverted their default settings by clicking Revert under Actions. • If the signature is a custom signature, modify the Severity Level, Client Rules, Log Status or Description settings, and enter notes in the Note box to document the change. Click OK to save any modifications. 5 Click Add Signature or Add Signature Wizard to add a new signature to the list. 6 Under Actions, click Delete for the custom signature you want to delete. NOTE: Only custom signatures can be deleted. 7 Select a signature and click Copy To to move it to another policy. Indicate the policy to which to move the signature and click OK. NOTE: You can move several signatures at one time by selecting all the signatures before clicking Copy To. 32 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Configuring IPS Policies Working with IPS Rules policies 8 Click Save to save changes. Creating signatures Use this task to create custom host intrusion prevention signatures to protect specific operations. Task For option definitions, click ? on the page displaying the options. 1 On the IPS Rules policy Signatures tab, click Add Signature. A blank Signature page appears. 2 On the signature’s IPS Signature tab, enter a name and select the platform, severity level. log status, and whether to allow the creation of client rules. Figure 5: New Custom Signature—IPS Signature tab 3 On the Description tab, type a description of what the signature is protecting. This description appears in the IPS Event when the signature is triggered. 4 On the Sub-Rule tab, select either Add Standard Sub-Rule or Add Expert Sub-Rule to create a rule. Figure 6: New Custom Signature—Sub-Rules tab To use Standard method: The Standard method limits the number of types you can include in the signature rule. To use Expert method: The Expert method, recommended only for advanced users, enables you to provide the rule syntax without limiting the number of types you can include in the McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 33
Page 1 and 2: McAfee Host Intrusion Prevention 7.
Page 3 and 4: Contents Introducing Host Intrusion
Page 5 and 6: Contents Creating firewall rule gro
Page 7 and 8: Introducing Host Intrusion Preventi
Page 13 and 14: Managing Your Protection Management
Page 25 and 26: Configuring IPS Policies Overview o
Page 27 and 28: Configuring IPS Policies Working wi
Page 31: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 83 and 84:
Configuring General Policies Workin
Page 85 and 86:
Configuring General Policies Workin
Page 87 and 88:
Working with Host Intrusion Prevent
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Index clients (continued) updating
Page 109 and 110:
Index McAfee Default policy (contin
Page 111 and 112:
Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

Create successful ePaper yourself

Delete template?

Save as template?