Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Configuring Application Blocking Policies<br />
Working with Application Blocking Rules policies<br />
1 Go to Systems | Policy Catalog and select <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong>: Application<br />
Blocking in the <strong>Product</strong> list and Application Blocking Options in the Category list.<br />
The list of policies appears.<br />
2 In the Application Blocking Options policy list, click Edit under Actions to change the<br />
settings <strong>for</strong> a custom policy.<br />
Figure 26: Application Blocking Options<br />
3 In the Application Blocking Options page that appears, make any needed changes,<br />
then click Save.<br />
Working with Application Blocking Rules policies<br />
Application blocking rules determine whether specific applications are blocked from running,<br />
hooking, or both. Apply application blocking rules only after having run in adaptive or learn<br />
mode to determine which applications are present and perhaps vulnerable in your environment.<br />
You should examine all learned rules be<strong>for</strong>e moving them to a policy. Use application blocking<br />
rules only after a set period of over all policy fine-tuning. If applications change regularly,<br />
application blocking is not recommended; however, if your environment has a fairly fixed set<br />
of applications, this feature can add another layer of security without additional administrative<br />
work.<br />
This policy category contains a single default policy, which provides application blocking <strong>for</strong><br />
<strong>McAfee</strong> and general Windows applications, and an editable My Default policy. You can view<br />
and duplicate the preconfigured policy as wall as copy selected rules in it to another policy; you<br />
can edit, rename, duplicate, delete, and export custom policies.<br />
Within the policy you can add, edit, duplicate, or delete rules. You can also move rules up or<br />
down in the list or to another policy.<br />
On the Policy Catalog policy list page, click New Policy to create a new custom policy; click<br />
Duplicate under Actions to create a new custom policy based on an existing policy.<br />
Change the policy’s assignment on the Policy Assignment page. For a group, go to Systems<br />
| System Tree, select a group, and then on the Policies tab click Edit Assignment.. For a<br />
system go to Systems | System Tree, select a group that contains the system, and then on<br />
the System tab, select the system and select More Actions | Modify Policies on a Single<br />
System.<br />
Tasks<br />
Configuring an Application Blocking Rules policy<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong><br />
71