McAfee HISCDE-AB-IA Product Guide - Page 139
Test Automatic Blocking of Network IPS, Network IPS Activity Log wProb
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 139 highlights
Appendix B - Troubleshooting General issues 7 Do one of the following: • If the problem recurs, note whether the problem is associated with the IPS component but not the specific engines. Review hipshield.log to see if the IPS component is the problem. • If the problem does not recur, the issue might be associated with a specific engine. Continue to the next step, Test Each IPS Engine. Test each IPS engine 1 Click Help and select Troubleshooting. 2 Select Error reporting under IPS logging. 3 Select Log security violations. 4 Click Functionality. 5 Select the engines, one at a time, and retest. 6 Save a copy of the hipshield log for each test and label with the name of the engine tested, for reporting to support. 7 When testing is complete, enable all the engines to continue to the next step. Test IPS Adaptive Mode 1 Click the Activity Log tab and clear the log. 2 Click the IPS Policy tab and select Enable Adaptive Mode. 3 Test the system to determine if the problem recurs. 4 Do one of the following: • If the problem recurs, deselect Enable Adaptive Mode and retest to see if the problem is resolved. If it is, Host IPS in Adaptive Mode can potentially be associated with the issue. Save a copy of the Activity log and name it Host IPS Adaptive Activity Log wProb, for reporting to support. • If the problem does not recur, deselect Enable Host IPS and continue to the next step. Test Network IPS 1 Click the Activity Log tab and clear the log. 2 Click the IPS Policy tab and select Enable Network IPS. 3 Test the system to determine if the problem recurs. 4 Do one of the following: • If the problem recurs, deselect Enable Network IPS and retest to see if the problem is resolved. If it is, Network IPS can potentially be associated with the issue. Save a copy of the Activity log and name it Network IPS Activity Log wProb, for reporting to support. • If the problem does not recur, select Enable Network IPS and continue to the next step. Test Automatic Blocking of Network IPS 1 Click the Activity Log tab and clear the log. 2 Click the IPS Policy tab and select Enable Network IPS. 3 Click the Automatically Block Attackers checkbox. 4 Test the system to determine if the problem recurs. If it does: McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 139