Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Configuring General Policies
Working with Trusted Applications policies
Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | Policy Catalog and select Host Intrusion Prevention: General in the Product list and Trusted Networks in the Category list. The list of policies appears.
2 In the Trusted Networks policy list, click Edit under Actions to change the settings for a custom policy.
Figure 33: Trusted Networks
3 Do any of the following:
Select... | To do this...
Include Local Subnet Automatically | Automatically treat all users on the same subnet as trusted, even those not in the list.
Trusted Network | Add a trusted network address to the list.
Trust for network IPS | Mark the network as trusted for network IPS signatures.
Add/Remove button | Remove or add a trusted network address.
4 Click Save to save changes.
Working with Trusted Applications policies
The Trusted Applications policy enables you to create a list of trusted applications. Enforce one or more policies with these application settings to reduce or eliminate most false positives. You can assign more than one policy instance of this policy, which allows for a more detailed profile of trusted application usage.
In tuning a deployment, creating IPS exception rules is one way to reduce false positives. This is not always practical when dealing with several thousand clients or having limited time and resources. A better solution is to create a list of trusted applications, which are applications known to be safe in a particular environment. For example, when you run a backup application, many false positive events can be triggered. To avoid this, make the backup application a trusted application.
NOTE: A trusted application is susceptible to common vulnerabilities such as buffer overflow and illegal use. Therefore, a trusted application is still monitored and can trigger events to prevent exploits.
This policy category contains a preconfigured policy, which provides a list of specific McAfee applications and Windows processes. You can view and duplicate the preconfigured policy; you can edit, rename, duplicate, delete, and export custom policies you create.
On the Policy Catalog policy list page, click New Policy to create a new custom policy; click Duplicate under Actions to create a new custom policy based on an existing policy.
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0