Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Configuring General Policies Working with Client UI policies • If the Client UI is unlocked, the menu commands have no effect. For details on using the tray icon menu, see the section on working with the Host IPS client. Use this task to configure the tray icon control. Task 1 Click the General Settings tab of the Client UI policy and select Show tray icon. 2 Click the Advanced Options tab and select Allow disabling of features from the tray icon, then select any or all of the features to be disabled. Configuring Client UI troubleshooting Instead of using the troubleshooting feature on the individual client, you can apply policy-level troubleshooting options that trigger logging of IPS and firewall events and that disable particular IPS engines. When disabling engines, remember to reenable them after completing the troubleshooting. Use this task to apply troubleshooting controls without going directly to a client. Task 1 Click the Troubleshooting tab in the Client UI policy. Figure 32: Client UI—Troubleshooting tab 2 Select the policy settings you want to apply: To Turn on firewall logging Do this... Select from the list the message type to trigger logging of Firewall events. Debug logs all messages; Information logs Information, Warning, and Error messages; Warning logs Warning and Error messages; Error logs error messages; Disabled logs no messages. The path of the log file on Windows clients is: C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\FireSvc.log; on Windows Vista: C:\Program Data\McAfee\Host Intrusion Prevention\FireSvc.log. 80 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Configuring General Policies Working with Trusted Network policies To Turn on IPS logging Include security violations in the IPS log Turn engines on and off Do this... Select from the list the message type to trigger logging of IPS events. Debug logs all messages; Information logs Information, Warning, and Error messages; Warning logs Warning and Error messages; Error logs error messages; Disabled logs no messages. The path of the log file on Windows clients is: C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\HipShield.log; on Windows Vista: C:\Program Data\McAfee\Host Intrusion Prevention\HipShield.log Select Log security violations. Deselect the checkbox to disable, select a checkbox to enable an engine NOTE: For details on working with the HIP client directly, see Working with Host Intrusion Prevention Clients. Working with Trusted Network policies The Trusted Networks policy enables you to maintain a list of network addresses and subnets, which you can tag as trusted for clients on Windows. This policy category contains a preconfigured policy, which includes local subnets automatically but lists no network addresses, and an editable My Default policy. You can view and duplicate the preconfigured policy; you can create, edit, rename, duplicate, delete, and export editable custom policies. On the Policy Catalog policy list page, click New Policy to create a new custom policy; click Duplicate under Actions to create a new custom policy based on an existing policy. Change the policy’s assignment on the Policy Assignment page. For a group, go to Systems | System Tree, select a group, and then on the Policies tab click Edit Assignment.. For a system go to Systems | System Tree, select a group that contains the system, and then on the System tab, select the system and select More Actions | Modify Policies on a Single System. Tasks Configuring a Trusted Networks policy Configuring a Trusted Networks policy Trusted Networks enable you to maintain a list of network addresses and subnets that you can tag as trusted for clients on Windows. You can: • Set up trusted network options. • Add or delete addresses or subnets in the trusted list. NOTE: If one trusted network trusts a specific IP address for network IPS and another trusted network does not trust the same IP address for network IPS, like firewall rules, the entry listed first takes precedence. Use this task to set trusted network options and list trusted networks. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 81
Page 1 and 2:
McAfee Host Intrusion Prevention 7.
Page 3 and 4:
Contents Introducing Host Intrusion
Page 5 and 6:
Contents Creating firewall rule gro
Page 7 and 8:
Introducing Host Intrusion Preventi
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Managing Your Protection Management
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Configuring IPS Policies Overview o
Page 27 and 28:
Configuring IPS Policies Working wi
Page 29 and 30: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 79: Configuring General Policies Workin
Page 87 and 88: Working with Host Intrusion Prevent
Page 107 and 108: Index clients (continued) updating
Page 109 and 110: Index McAfee Default policy (contin
Page 111 and 112: Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?