McAfee HISCDE-AB-IA Product Guide - Page 138
Host IPS Activity Log wProb, Enable Host IPS
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 138 highlights
Appendix B - Troubleshooting General issues How do I isolate a component in Host IPS to find out which one is causing a problem? NOTE: This process includes steps that might require repeated restarts, logons, or recreating issues. The following steps should be performed on the local client system with the Host IPS console. If you find the cause of the issue but cannot resolve it, forward the logs you obtain to McAfee Support. Disable all components and test for failure: 1 Disable IPS: Click the IPS Policy tab, and deselect Enable Host IPS and Enable Network IPS. 2 Disable Firewall: Click the Firewall Policy tab, and deselect Enable Firewall. 3 Clear the Blocked Hosts list: Click the Blocked Hosts tab and clear the list by selecting each entry and clicking Remove. 4 Enable Activity logging: Click the Activity Log tab and verify that all traffic logging and filter option checkboxes are selected. 5 Test the system to see if the problem recurs: • If the problem persists, continue to Step 6, • If the problem stops, skip to Step 1 of the Iterative testing phase. 6 Check the following: • Stop the McAfee Host IPS service and retest. If the problem goes away, report the issue as associated directly with the service. • Uninstall the Host IPS client from the local system and retest. If the problem goes away, report the issue as associated with installed files and not a specific component. Iterative Testing phase of each component: Test Host IPS 1 Click the Activity Log tab and clear the log. 2 Click the IPS Policy tab and select Enable Host IPS. 3 Test the system to determine if the problem recurs: • If the problem does not recur, skip to Step 5, Test Network IPS. • If the problem recurs: 1 Deselect Enable Host IPS. 2 Retest to verify the problem goes away. If the problem is resolved, Host IPS can potentially be associated with the issue. 3 Save a copy of the Activity log and name it Host IPS Activity Log wProb, for reporting to support. 4 Select Enable Host IPS and verify that the problem returns. Test all IPS engines 1 Click Help and select Troubleshooting. 2 Select Error reporting under IPS logging. 3 Select Log security violations. 4 Click Functionality. 5 On the HIPS Engines dialog box, deselect Enable / Disable all engines and click OK. 6 Test the system to determine if the problem recurs. 138 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5