Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Working with Host Intrusion Prevention Clients
Overview of the Windows client
About the Activity Log tab
Use the Activity Log tab to configure the logging feature and track Host Intrusion Prevention actions.
The Activity Log contains a running log of activity. Most recent activity appears at the bottom of the list.
Column: What it shows
Time: The date and time of the Host Intrusion Prevention action.
Event: The feature that performed the action.
• Traffic indicates a firewall action.
• Application indicates an application blocking action.
• Intrusion indicates an IPS action.
• System indicates an event relating to the software's internal components.
• Service indicates an event relating to the software's service or drivers.
Source: The remote address that this communication was either sent to, or sent from.
Intrusion Data: An icon indicating that Host Intrusion Prevention saved the packet data associated with this attack. (This icon only appears for IPS log entries.) You can export the packet data associated with this log entry. Right-click the log entry to save the data to a Sniffer file.
NOTE: This column only appears if you select Create Sniffer Capture... in the McAfee Host Intrusion Prevention Options dialog box.
Application: The program that caused the action.
Message: A description of the action, with as much detail as possible.
You can clear the list either by deleting the log contents or saving it to a .txt file.
To...: Do this...
Permanently delete the contents of the log: Click Clear.
Save the contents of the log and delete the list from the tab: Click Save. In the Save Log File To dialog box that appears, name and save the .txt file.
Customizing Activity Log options
Use this task to customize Activity Log options.
Task
1 In the Host IPS client console, click the Activity Log tab.
2 Select or deselect an option as needed.
Select...: To do this...
Traffic Logging - Log All Blocked: Log all blocked firewall traffic.
Traffic Logging - Log All Allowed: Log all allowed firewall traffic.
Filter Options - Traffic: Filter the data to display blocked and allowed firewall traffic.
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0