Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Configuring General Policies Working with Trusted Applications policies Task For option definitions, click ? on the page displaying the options. 1 Go to Systems | Policy Catalog and select Host Intrusion Prevention: General in the Product list and Trusted Networks in the Category list. The list of policies appears. 2 In the Trusted Networks policy list, click Edit under Actions to change the settings for a custom policy. Figure 33: Trusted Networks 3 Do any of the following: Select... Include Local Subnet Automatically Trusted Network Trust for network IPS Add/Remove button To do this... Automatically treat all users on the same subnet as trusted, even those not in the list. Add a trusted network address to the list. Mark the network as trusted for network IPS signatures. Remove or add a trusted network address. 4 Click Save to save changes. Working with Trusted Applications policies The Trusted Applications policy enables you to create a list of trusted applications. Enforce one or more policies with these application settings to reduce or eliminate most false positives. You can assign more than one policy instance of this policy, which allows for a more detailed profile of trusted application usage. In tuning a deployment, creating IPS exception rules is one way to reduce false positives. This is not always practical when dealing with several thousand clients or having limited time and resources. A better solution is to create a list of trusted applications, which are applications known to be safe in a particular environment. For example, when you run a backup application, many false positive events can be triggered. To avoid this, make the backup application a trusted application. NOTE: A trusted application is susceptible to common vulnerabilities such as buffer overflow and illegal use. Therefore, a trusted application is still monitored and can trigger events to prevent exploits. This policy category contains a preconfigured policy, which provides a list of specific McAfee applications and Windows processes. You can view and duplicate the preconfigured policy; you can edit, rename, duplicate, delete, and export custom policies you create. On the Policy Catalog policy list page, click New Policy to create a new custom policy; click Duplicate under Actions to create a new custom policy based on an existing policy. 82 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Configuring General Policies Working with Trusted Applications policies Change the policy’s assignment on the Policy Assignment page. For a group, go to Systems | System Tree, select a group, and then on the Policies tab click Edit Assignment.. For a system go to Systems | System Tree, select a group that contains the system, and then on the System tab, select the system and select More Actions | Modify Policies on a Single System. Tasks Configuring a Trusted Applications policy Creating and editing Trusted Application rules Configuring a Trusted Applications policy Use this task to list applications deemed safe in a particular environment for a Trusted Applications policy. Task For option definitions, click ? on the page displaying the options. 1 Go to Systems | Policy Catalog and select Host Intrusion Prevention: General in the Product list and Trusted Applications in the Category list. The list of policies appears. 2 In the Trusted Applications policy list, click Edit under Actions to change the settings for a custom policy. Figure 34: Trusted Applications list 3 Do any of the following: To... Add an application Do this... Click Add Application. See Creating and editing Trusted Application rules for details. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 83
Page 1 and 2:
McAfee Host Intrusion Prevention 7.
Page 3 and 4:
Contents Introducing Host Intrusion
Page 5 and 6:
Contents Creating firewall rule gro
Page 7 and 8:
Introducing Host Intrusion Preventi
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Managing Your Protection Management
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Configuring IPS Policies Overview o
Page 27 and 28:
Configuring IPS Policies Working wi
Page 29 and 30:
Configuring IPS Policies Working wi
Page 31 and 32: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 81: Configuring General Policies Workin
Page 87 and 88: Working with Host Intrusion Prevent
Page 107 and 108: Index clients (continued) updating
Page 109 and 110: Index McAfee Default policy (contin
Page 111 and 112: Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

Create successful ePaper yourself

Delete template?

Save as template?