Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Working with Host Intrusion Prevention Clients<br />
Select... | To do this...<br />
Filter Options - Applications | Filter the data to display events caused by applications.<br />
Filter Options - Intrusions | Filter the data to display intrusions.<br />
NOTE: You can enable and disable logging for the firewall traffic, but not for the IPS or<br />
application blocking features. However, you can choose to hide these events in the log by<br />
filtering them out.<br />
Overview of the Solaris client<br />
The Host Intrusion Prevention Solaris client identifies and prevents potentially harmful attempts<br />
to compromise a Solaris server’s files and applications. It protects the server’s operating system<br />
along with Apache and Sun web servers, with an emphasis on preventing buffer overflow attacks.<br />
Policy enforcement with the Solaris client<br />
Not all policies that protect a Windows client are available for the Solaris client. In brief, Host<br />
Intrusion Prevention protects the host server from harmful attacks but does not offer firewall<br />
protection. The valid policies are listed here.<br />
With this policy... | These options are available...<br />
HIP 7.0 GENERAL:<br />
Client UI | None except admin or time-based password to allow use of the troubleshooting tool.<br />
Trusted Networks | None<br />
Trusted Applications | Only Mark as trusted for IPS and New Process Name to add trusted applications.<br />
HIP 7.0 IPS:<br />
IPS Options | • Enable HIPS • Enable Adaptive Mode • Retain existing Client Rules<br />
IPS Protection | All<br />
IPS Rules | • Exception Rules • Signatures (default and custom HIPS rules only). Note: NIPS signatures and Application Protection Rules are not available.<br />
IPS Events | All<br />
IPS Client Rules | All<br />
Search IPS Exception Rules | All<br />
HIP 7.0 FIREWALL | None<br />
HIP 7.0 APPLICATION BLOCKING | None<br />
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0<br />