Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Configuring IPS Policies<br />
Working with IPS Rules policies<br />
To use Standard method:<br />
To use Expert method:<br />
signature. Be<strong>for</strong>e writing a rule, make sure you<br />
understand rule syntax.<br />
1 Enter a name <strong>for</strong> the signature and choose a<br />
type.<br />
1 Type the rule syntax <strong>for</strong> the signatures, which<br />
can include a name <strong>for</strong> the rule. Use ANSI <strong>for</strong>mat<br />
and TCL syntax.<br />
2 Specify the operations that trigger the<br />
signature. 2 Click OK and the rule is added to the list at the<br />
top of the Subrule tab. The rule is compiled and<br />
3 Indicate whether to include or exclude a<br />
particular parameter, what the parameter is<br />
and its value.<br />
4 Click OK and the rule is added to the list at the<br />
top of the Subrule tab. The rule is compiled<br />
and the syntax is verified. If the rule fails<br />
verification, a dialog box describing the error<br />
appears. Fix the error and verify the rule again.<br />
the syntax is verified. If the rule fails verification,<br />
a dialog box describing the error appears. Fix the<br />
error and verify the rule again.<br />
5 Click OK.<br />
NOTE: You can include multiple rules in a signature.<br />
Creating signatures using the wizard<br />
Use this task to creation a signature using a wizard. This is recommended if you are new to<br />
creating signatures. Note that signatures created with the wizard do not offer any flexibility <strong>for</strong><br />
the operations the signature is protecting because you cannot change, add, or delete operations.<br />
Task<br />
For option definitions, click ? on the page displaying the options.<br />
1 On the IPS Rules Signatures tab, click Add Signature Wizard.<br />
2 On the Basic In<strong>for</strong>mation tab, enter a name and select the plat<strong>for</strong>m, severity level. log<br />
status, and whether to allow the creation of client rules. Click Next to continue.<br />
Figure 7: Signature Creation Wizard— Basic In<strong>for</strong>mation<br />
3 On the Description tab, type a description of what the signature is protecting. This<br />
description appears in the IPS Event when the signature is triggered.<br />
34<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong>