Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Working with <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> Clients<br />
Overview of the Windows client<br />
Select...<br />
Enable Network IPS<br />
Enable Adaptive Mode<br />
Automatically block<br />
attackers<br />
To do this...<br />
Enable network intrusion prevention protection.<br />
Enable adaptive mode to automatically create exceptions to intrusion prevention<br />
signatures.<br />
Block network intrusion attacks automatically <strong>for</strong> a set period of time. Select Until<br />
removed to block an attack until it is removed, or select <strong>for</strong> X min. to block an<br />
attack <strong>for</strong> set a number of minutes, with the default at 30.<br />
Editing IPS Policy exception rules<br />
Use this task to view and edit IPS exception rules.<br />
Task<br />
1 In the IPS Policy tab, click Add to add a rule.<br />
2 In the Exception Rule dialog box, type a description <strong>for</strong> the rule.<br />
3 Select the application the rule applies to from the application list, or click Browse to locate<br />
the application.<br />
4 Select Exception rule is Active to make the rule active. Exception applies to all<br />
signatures, which is not enabled and selected by default, applies the exception to all<br />
signatures.<br />
5 Click OK.<br />
6 For other edits, do one of the following:<br />
To...<br />
View the details of a rule or<br />
edit a rule<br />
Make a rule active/inactive<br />
Delete a rule<br />
Do this...<br />
Double-click a rule, or select a rule and click Properties. The Exception Rule<br />
dialog box appears displaying rule in<strong>for</strong>mation that can be edited.<br />
Select or clear the Exception rule is Active checkbox in the Exception Rule dialog<br />
box. You can also select or clear the checkbox next to the rule icon in the list.<br />
Select a rule and click Remove.<br />
About the Firewall Policy tab<br />
Use the Firewall Policy tab to configure the Firewall feature, which allows or blocks network<br />
communication based on rules that you define. From this tab you can enable or disable<br />
functionality and configure client firewall rules. For more details on firewall policies, see the<br />
section on Configuring Firewall policies.<br />
The firewall rules list displays rules and rule groups relevant to the client and provides summary<br />
and detailed in<strong>for</strong>mation <strong>for</strong> each rule.<br />
This column...<br />
Description<br />
Protocol<br />
Displays...<br />
The purpose of this rule or rule group.<br />
Which protocol(s) the rule applies to (TCP, UDP, ICMP).Whether the rule permits traffic,<br />
or blocks it: Permits traffic. Blocks traffic.Whether the rule applies to incoming<br />
traffic, outgoing traffic, or both: Incoming traffic. Outgoing traffic. Both<br />
directions.<br />
94<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong>