Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuring General Policies<br />
Working with Trusted Network policies<br />
To<br />
Turn on IPS logging<br />
Include security violations in the IPS log<br />
Turn engines on and off<br />
Do this...<br />
Select from the list the message type to trigger logging of IPS<br />
events. Debug logs all messages; In<strong>for</strong>mation logs In<strong>for</strong>mation,<br />
Warning, and Error messages; Warning logs Warning and Error<br />
messages; Error logs error messages; Disabled logs no messages.<br />
The path of the log file on Windows clients is: C:\Documents and<br />
Settings\All Users\Application Data\<strong>McAfee</strong>\<strong>Host</strong> <strong>Intrusion</strong><br />
<strong>Prevention</strong>\HipShield.log; on Windows Vista: C:\Program<br />
Data\<strong>McAfee</strong>\<strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong>\HipShield.log<br />
Select Log security violations.<br />
Deselect the checkbox to disable, select a checkbox to enable an<br />
engine<br />
NOTE: For details on working with the HIP client directly, see Working with <strong>Host</strong> <strong>Intrusion</strong><br />
<strong>Prevention</strong> Clients.<br />
Working with Trusted Network policies<br />
The Trusted Networks policy enables you to maintain a list of network addresses and subnets,<br />
which you can tag as trusted <strong>for</strong> clients on Windows.<br />
This policy category contains a preconfigured policy, which includes local subnets automatically<br />
but lists no network addresses, and an editable My Default policy. You can view and duplicate<br />
the preconfigured policy; you can create, edit, rename, duplicate, delete, and export editable<br />
custom policies.<br />
On the Policy Catalog policy list page, click New Policy to create a new custom policy; click<br />
Duplicate under Actions to create a new custom policy based on an existing policy.<br />
Change the policy’s assignment on the Policy Assignment page. For a group, go to Systems<br />
| System Tree, select a group, and then on the Policies tab click Edit Assignment.. For a<br />
system go to Systems | System Tree, select a group that contains the system, and then on<br />
the System tab, select the system and select More Actions | Modify Policies on a Single<br />
System.<br />
Tasks<br />
Configuring a Trusted Networks policy<br />
Configuring a Trusted Networks policy<br />
Trusted Networks enable you to maintain a list of network addresses and subnets that you can<br />
tag as trusted <strong>for</strong> clients on Windows. You can:<br />
• Set up trusted network options.<br />
• Add or delete addresses or subnets in the trusted list.<br />
NOTE: If one trusted network trusts a specific IP address <strong>for</strong> network IPS and another trusted<br />
network does not trust the same IP address <strong>for</strong> network IPS, like firewall rules, the entry listed<br />
first takes precedence.<br />
Use this task to set trusted network options and list trusted networks.<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong><br />
81