Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Working with <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> Clients<br />
Overview of the Windows client<br />
Column<br />
What it shows<br />
Time • The time and date when you added this address to the blocked addresses list.<br />
Time Remaining • How long <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> will continue to block this address.<br />
If you specified an expiration time when you blocked the address, this column shows<br />
the number of minutes left until <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> removes the address from<br />
the list.If you specified that you wanted this address blocked until you manually removed<br />
it from the list, this column displays Until removed.<br />
Editing the Blocked <strong>Host</strong>s list<br />
Use this task to edit the list of blocked addresses. Edits include adding, removing, editing blocked<br />
hosts, and viewing blocked host details.<br />
Task<br />
1 Click Add to add a host.<br />
2 In the Blocked <strong>Host</strong> dialog box, enter the IP address you want to block. To search <strong>for</strong> an<br />
IPS address by domain name, click DNS Lookup.<br />
3 Determine how long to block the IP address:<br />
• Select Until Removed to keep the host blocked until deleted.<br />
• Select For and type the number of minutes, up to 60, to keep the host blocked <strong>for</strong> a<br />
fixed period of time.<br />
4 Click OK.<br />
NOTE: After you create a blocked address, <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> adds a new entry to<br />
the list on the Application Protection tab. It blocks any communication attempt from<br />
that IP address until you remove it from the blocked addresses list, or a set period of time<br />
expires.<br />
5 For other edits, do one of the following:<br />
To...<br />
View the details of or edit a blocked host<br />
Delete a blocked host<br />
Do this...<br />
Double-click a host entry, or select a host and click Properties. The<br />
Blocked <strong>Host</strong> dialog box displays in<strong>for</strong>mation that can be edited.<br />
Select a host and click Remove.<br />
About the Application Protection tab<br />
The Application Protection tab displays a list of applications protected on the client. This is<br />
a view-only list populated by administrative policy and a client-specific application list created<br />
heuristically.<br />
This list shows all monitored processes on the client.<br />
Column<br />
Process<br />
PID<br />
Process Full Path<br />
What it shows<br />
The application process.<br />
The process ID, which is the key <strong>for</strong> the cache lookup of a process.<br />
The full path name of the application process.<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong><br />
97