Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Working with Host Intrusion Prevention Clients
Overview of the Windows client

The application rules list displays rules relevant to the client and provides summary and detailed information for each rule.

This column...    Displays...
Description       The purpose of this rule.
Create            Permits application to run.
                  Blocks application from running.
Hook              Permits application to hook other programs.
                  Blocks application from hooking other programs.
Application       The file name and path of the application that this rule applies to.

Customizing Application Policy options
Use this task to customize Application Blocking options.

Task
1 Click the Application Policy tab.
2 Select or deselect an option as needed.

Select...                                  To do this...
Enable Application Creation Blocking       Enable application creation blocking. The Enable Learn Mode Application Creation option is enabled.
Enable Application Hooking Blocking        Enable application hooking blocking. The Enable Learn Mode Application Hooking option is enabled.
Enable Learn Mode Application Creation     Enable learn mode for application creation, where the user is prompted to allow or block application creation.
Enable Learn Mode Application Hooking      Enable learn mode for application hooking, where the user is prompted to allow or block application hooking.

About the Blocked Hosts tab
Use the Blocked Hosts tab to monitor a list of blocked hosts (IP addresses) that is automatically created when Network IPS (NIPS) protection is enabled. If Create Client Rules is selected in the IPS Options policy in the ePolicy Orchestrator console, you can add to and edit the list of blocked hosts.

The blocked hosts list shows all hosts currently blocked by Host Intrusion Prevention. Each line represents a single host. You can get more information on individual hosts by reading the information in each column.

Column            What it shows
Source            The IP address that Host Intrusion Prevention is blocking.
Blocked Reason    An explanation of why Host Intrusion Prevention is blocking this address.
                  If Host Intrusion Prevention added this address to the list because of an attempted attack on your system, this column describes the type of attack.
                  If Host Intrusion Prevention added this address because one of its firewall rules used the Treat rule match as intrusion option, this column lists the name of the relevant firewall rule.
                  If you added this address manually, this column lists only the IP address that you blocked.

McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0