Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuring IPS Policies<br />
Working with IPS Rules policies<br />
exception under Creating exception rules, <strong>for</strong> creating a trusted application under Creating<br />
and editing Trusted Application rules.<br />
Managing IPS client rules<br />
Use this task to analyze IPS client rules created automatically when clients are in adaptive mode,<br />
or manually on the client provided the Client UI policy option to allow manual creation of client<br />
rules is enabled.<br />
NOTE:<br />
Access to IPS Client Rules on the <strong>Host</strong> IPS tab under Reporting requires additional permissions<br />
other than that <strong>for</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> IPS, including view permissions <strong>for</strong> Event Log,<br />
Systems, and System Tree access.<br />
You can sort, filter, and aggregate the list of rules to find specific exceptions and see their<br />
details. You can then promote some or all of the client exception rules to a particular IPS Rules<br />
policy to reduce false positives <strong>for</strong> a particular system environment.<br />
Use the aggregation feature to combine exceptions that have the same attributes, so that only<br />
one aggregated exception appears, while keeping track of the number of times the exceptions<br />
occur. This allows <strong>for</strong> easily finding IPS protection trouble spots on clients.<br />
Task<br />
For option definitions, click ? on the page displaying the options.<br />
1 Go to Reporting | <strong>Host</strong> IPS | IPS Client Rules.<br />
Figure 15: IPS Client Rules<br />
2 Select the group in the System Tree <strong>for</strong> which you want to display client rules.<br />
3 Determine how you want to view the list of client exceptions:<br />
To...<br />
Sort by a column<br />
Filter <strong>for</strong> groups<br />
Do this...<br />
Click the column header.<br />
From the Filter menu select This Group Only or This<br />
Group and All Subgroups.<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong><br />
43