Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Working with Host Intrusion Prevention Clients Overview of the Windows client Task 1 On the client console Edit menu, click Options. 2 In the Host Intrusion Prevention Options dialog box, select and deselect options as needed. Select... Display pop-up alert Play sound Flash tray icon Create Sniffer Capture if available Show tray icon Error Reporting For this... An alert appears when an attack occurs. A sound plays when an attack occurs. The icon toggles between regular status and attack status when an attack occurs. A Sniffer Capture column is added to the Activity Log, indicating that intrusion packet data has been captured. Save this data to a McAfee Sniffer.cap file for further analysis. The Host Intrusion Prevention icon appears in the system tray. The software error reporting utility is enabled to submit errors to McAfee. Client error reporting Host Intrusion Prevention includes an error reporting utility that tracks and logs software failures. When enabled, it prompts the user to forward detected problem data to McAfee technical support, where it can be used to open a support case, if appropriate. NOTE: To use the error reporting utility, a computer must have Internet access and a web browser that is Java Script enabled. If McAfee Alert Manager is installed on the network where a computer failed, it informs the network administrator that a problem was detected. The network administrator can guide the user on how to handle the problem. When the utility detects a failure, the user selects an option: • Submit Data — Thisconnects to the McAfee Technical Support website and submits the data. • Ignore Error — No connection is made. When submitting data to the McAfee Technical Support website, the user may be asked for additional information. If the problem has a known cause, the user may be directed to a web page that provides information about the problem and how to deal with it. 88 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Working with Host Intrusion Prevention Clients Overview of the Windows client Troubleshooting the Windows client Host Intrusion Prevention includes a Troubleshooting option on the Help menu, which is available when the interface is unlocked. Options include enabling IPS and firewall logging and disabling system engines. Figure 37: Troubleshooting Options NOTE: McAfee provides a utility (ClientControl.exe) to help automate upgrades and other maintenance tasks when third-party software is used for deploying Host Intrusion Prevention on client computers. This command-line utility, which can be included in installation and maintenance scripts to temporarily disable IPS protection and activate logging functions, is available from the McAfee.com product download site. Refer to the documentation that accompanies the utility for directions on usage, including details on parameters and security Setting options for IPS logging As part of troubleshooting you can create IPS activity logs that can be analyzed on the system or sent to McAfee support to help resolve problems. Use this task to enable IPS logging. Task 1 Select the IPS Enable Logging checkbox. 2 Select the message type (All or a combination of Information, Warning, Debug, Error, Security Violations). At a minimum, you must select Error and Security Violations. 3 Click OK. The information is written to C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\HipShield.log; on Windows Vista: C:\Program Data\McAfee\Host Intrusion Prevention\HipShield.log. After the file reaches 100 MB, a new file is created. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 89
Page 1 and 2:
McAfee Host Intrusion Prevention 7.
Page 3 and 4:
Contents Introducing Host Intrusion
Page 5 and 6:
Contents Creating firewall rule gro
Page 7 and 8:
Introducing Host Intrusion Preventi
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Managing Your Protection Management
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Configuring IPS Policies Overview o
Page 27 and 28:
Configuring IPS Policies Working wi
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 87: Working with Host Intrusion Prevent
Page 91 and 92: Working with Host Intrusion Prevent
Page 107 and 108: Index clients (continued) updating
Page 109 and 110: Index McAfee Default policy (contin
Page 111 and 112: Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?