Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuring Application Blocking Policies<br />
Working with Application Blocking policies<br />
Filtering and aggregating rules<br />
Applying filters generates a list of rules that satisfies all of the variables defined in the filter<br />
criteria. The result is a list of rules that includes all of the criteria. Aggregating rules generates<br />
a list of rules grouped by the value associated with each of the variables selected in the Select<br />
columns to aggregate dialog box. The result is a list of rules displayed in groups and sorted<br />
by the value associated with the selected variables.<br />
Working with Application Blocking policies<br />
The Application Blocking Options policy turns on and off application blocking rules and allows<br />
you to apply adaptive or learn mode to create new rules.<br />
This policy category contains four preconfigured policies and an editable My Default policy.<br />
You can view and duplicate preconfigured policies; you can, create, edit, rename, duplicate,<br />
delete, and export editable custom policies.<br />
Preconfigured policies include:<br />
Off (<strong>McAfee</strong> Default)<br />
All settings are disabled<br />
On<br />
• Application Creation Blocking, Regular Protection. (Only follows rules in rules list.)<br />
• Application Hooking Blocking, Regular Protection. (Only follows rules in rules list.)<br />
Adaptive<br />
• Application Creation Blocking, Adaptive mode, (Rules are learned automatically.)<br />
• Application Hooking Blocking, Adaptive mode, (Rules are learned automatically.<br />
Learn<br />
• Application Creation Blocking, Learn mode. (Rules are learned after user interaction.)<br />
• Application Hooking Blocking, Learn mode. (Rules are learned after user interaction.)<br />
On the Policy Catalog policy list page, click New Policy to create a new custom policy; click<br />
Duplicate under Actions to create a new custom policy based on an existing policy.<br />
Change the policy’s assignment on the Policy Assignment page. For a group, go to Systems<br />
| System Tree, select a group, and then on the Policies tab click Edit Assignment. For a<br />
system go to Systems | System Tree, select a group that contains the system, and then on<br />
the System tab, select the system and select More Actions | Modify Policies on a Single<br />
System.<br />
Tasks<br />
Configuring an Application Blocking Options policy<br />
Configuring an Application Blocking Options policy<br />
Use this task to enable or disable application blocking rules and apply adaptive or learn mode.<br />
Task<br />
For option definitions, click ? on the page displaying the options.<br />
70<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong>