Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Configuring IPS Policies Working with IPS Rules policies 2 Select the group in the System Tree for which you want to display IPS events. All events associated with the group appear. By default, not all events are displayed. Only events over the last 30 days appear. Figure 14: IPS Events tab 3 Determine how you want to view the list of events: To... Select columns to display Sort by a column Filter for groups Filter for events criteria Aggregate exceptions Do this... Select Choose Columns from the Options menu. In the Select Columns page, add, remove, or reorder the columns for the display. Click the column header. From the Filter menu select This Group Only or This Group and All Subgroups. Select event type, marked status, severity level, or date of creation, then click Filter. Click Clear to remove filter settings. Click Aggregate, select the criteria on which to aggregate events, then click OK. Click Clear to remove aggregation settings 4 Mark events by selecting one or more events, then clicking the appropriate command: Click... Mark Read Mark Unread Mark Hide Mark Unhidden To... Mark the event as read Mark a read event as unread Hide the event Show hidden events. Note: You must first filter for hidden events to be able to select them. 5 Select an event and click Create Exception to create an exception; or click Create Trusted Application to create an application rule. Follow the directions for creating an 42 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Configuring IPS Policies Working with IPS Rules policies exception under Creating exception rules, for creating a trusted application under Creating and editing Trusted Application rules. Managing IPS client rules Use this task to analyze IPS client rules created automatically when clients are in adaptive mode, or manually on the client provided the Client UI policy option to allow manual creation of client rules is enabled. NOTE: Access to IPS Client Rules on the Host IPS tab under Reporting requires additional permissions other than that for Host Intrusion Prevention IPS, including view permissions for Event Log, Systems, and System Tree access. You can sort, filter, and aggregate the list of rules to find specific exceptions and see their details. You can then promote some or all of the client exception rules to a particular IPS Rules policy to reduce false positives for a particular system environment. Use the aggregation feature to combine exceptions that have the same attributes, so that only one aggregated exception appears, while keeping track of the number of times the exceptions occur. This allows for easily finding IPS protection trouble spots on clients. Task For option definitions, click ? on the page displaying the options. 1 Go to Reporting | Host IPS | IPS Client Rules. Figure 15: IPS Client Rules 2 Select the group in the System Tree for which you want to display client rules. 3 Determine how you want to view the list of client exceptions: To... Sort by a column Filter for groups Do this... Click the column header. From the Filter menu select This Group Only or This Group and All Subgroups. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 43
Page 1 and 2: McAfee Host Intrusion Prevention 7.
Page 3 and 4: Contents Introducing Host Intrusion
Page 5 and 6: Contents Creating firewall rule gro
Page 7 and 8: Introducing Host Intrusion Preventi
Page 13 and 14: Managing Your Protection Management
Page 25 and 26: Configuring IPS Policies Overview o
Page 27 and 28: Configuring IPS Policies Working wi
Page 41: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 87 and 88: Working with Host Intrusion Prevent
Page 93 and 94:
Working with Host Intrusion Prevent
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Index clients (continued) updating
Page 109 and 110:
Index McAfee Default policy (contin
Page 111 and 112:
Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?