Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Configuring Application Blocking Policies Working with Application Blocking policies Filtering and aggregating rules Applying filters generates a list of rules that satisfies all of the variables defined in the filter criteria. The result is a list of rules that includes all of the criteria. Aggregating rules generates a list of rules grouped by the value associated with each of the variables selected in the Select columns to aggregate dialog box. The result is a list of rules displayed in groups and sorted by the value associated with the selected variables. Working with Application Blocking policies The Application Blocking Options policy turns on and off application blocking rules and allows you to apply adaptive or learn mode to create new rules. This policy category contains four preconfigured policies and an editable My Default policy. You can view and duplicate preconfigured policies; you can, create, edit, rename, duplicate, delete, and export editable custom policies. Preconfigured policies include: Off (McAfee Default) All settings are disabled On • Application Creation Blocking, Regular Protection. (Only follows rules in rules list.) • Application Hooking Blocking, Regular Protection. (Only follows rules in rules list.) Adaptive • Application Creation Blocking, Adaptive mode, (Rules are learned automatically.) • Application Hooking Blocking, Adaptive mode, (Rules are learned automatically. Learn • Application Creation Blocking, Learn mode. (Rules are learned after user interaction.) • Application Hooking Blocking, Learn mode. (Rules are learned after user interaction.) On the Policy Catalog policy list page, click New Policy to create a new custom policy; click Duplicate under Actions to create a new custom policy based on an existing policy. Change the policy’s assignment on the Policy Assignment page. For a group, go to Systems | System Tree, select a group, and then on the Policies tab click Edit Assignment. For a system go to Systems | System Tree, select a group that contains the system, and then on the System tab, select the system and select More Actions | Modify Policies on a Single System. Tasks Configuring an Application Blocking Options policy Configuring an Application Blocking Options policy Use this task to enable or disable application blocking rules and apply adaptive or learn mode. Task For option definitions, click ? on the page displaying the options. 70 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Configuring Application Blocking Policies Working with Application Blocking Rules policies 1 Go to Systems | Policy Catalog and select Host Intrusion Prevention: Application Blocking in the Product list and Application Blocking Options in the Category list. The list of policies appears. 2 In the Application Blocking Options policy list, click Edit under Actions to change the settings for a custom policy. Figure 26: Application Blocking Options 3 In the Application Blocking Options page that appears, make any needed changes, then click Save. Working with Application Blocking Rules policies Application blocking rules determine whether specific applications are blocked from running, hooking, or both. Apply application blocking rules only after having run in adaptive or learn mode to determine which applications are present and perhaps vulnerable in your environment. You should examine all learned rules before moving them to a policy. Use application blocking rules only after a set period of over all policy fine-tuning. If applications change regularly, application blocking is not recommended; however, if your environment has a fairly fixed set of applications, this feature can add another layer of security without additional administrative work. This policy category contains a single default policy, which provides application blocking for McAfee and general Windows applications, and an editable My Default policy. You can view and duplicate the preconfigured policy as wall as copy selected rules in it to another policy; you can edit, rename, duplicate, delete, and export custom policies. Within the policy you can add, edit, duplicate, or delete rules. You can also move rules up or down in the list or to another policy. On the Policy Catalog policy list page, click New Policy to create a new custom policy; click Duplicate under Actions to create a new custom policy based on an existing policy. Change the policy’s assignment on the Policy Assignment page. For a group, go to Systems | System Tree, select a group, and then on the Policies tab click Edit Assignment.. For a system go to Systems | System Tree, select a group that contains the system, and then on the System tab, select the system and select More Actions | Modify Policies on a Single System. Tasks Configuring an Application Blocking Rules policy McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 71
Page 1 and 2:
McAfee Host Intrusion Prevention 7.
Page 3 and 4:
Contents Introducing Host Intrusion
Page 5 and 6:
Contents Creating firewall rule gro
Page 7 and 8:
Introducing Host Intrusion Preventi
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Managing Your Protection Management
Page 15 and 16:
Page 17 and 18:
Page 19 and 20: Managing Your Protection Management
Page 25 and 26: Configuring IPS Policies Overview o
Page 27 and 28: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69: Configuring Application Blocking Po
Page 73 and 74: Configuring Application Blocking Po
Page 75 and 76: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 87 and 88: Working with Host Intrusion Prevent
Page 107 and 108: Index clients (continued) updating
Page 109 and 110: Index McAfee Default policy (contin
Page 111 and 112: Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

Create successful ePaper yourself

Delete template?

Save as template?