McAfee HISCDE-AB-IA Product Guide - Page 141


b Retest to verify the problem is resolved. If it is, Firewall Incoming and Outgoing Learn Mode can potentially be associated with the issue.
c Save a copy of the Activity log and name it Firewall Activity Log LearnINOUT wProb, for reporting to support.

Test with a Firewall Any Any rule

NOTE: This step might need to be configured from the ePO management console, as it is imperative that the first rule in the firewall rule list be the Any Any test rule. If other policies have been configured from the console, they take precedence over the locally created rules. While it is first in the list, the Permit Any Any rule lets every connection it matches through the firewall, so disable or remove it as soon as testing is finished.

1 Create a new rule and name it Any Any.
2 Set the Action to Permit.
3 Set the Protocol to IP TCP.
4 Set the Direction to Either.
5 Save the rule. If the rule is created in a policy on the ePO console, move the Any Any rule to be the first rule in the policy list. If the rule is created locally, ensure no other rules precede it.
6 Test the system to determine if the problem recurs. If it does:
   a Disable the Any Any rule.
   b Retest to verify the problem is resolved. If it is, there is probably a configuration error with the rules.
   c Take a screenshot of the list of firewall rules on the Firewall Policy tab.
   d Save a copy of the Activity log and name it Firewall Activity Log AnyAny Test.
   e Export the Host IPS policy settings:
      a Log on to the ePO console.
      b Navigate to the Policy Catalog object in the ePO System Tree.
      c Locate Host IPS and expand it.
      d Click Export all policies.
7 Click the Firewall Policy tab, deselect the Enable Firewall checkbox, and continue to the next step.

Test Blocked Hosts Policy

1 Click the Activity Log tab and clear the log.
2 Click the Blocked Hosts tab and remove all blocked hosts from the list.
3 Test the system to determine if the problem recurs. If it does, it is probably not associated with Blocked Hosts.

If you still have not found the cause of the issue, contact McAfee Support, explain the issue, and attach the data obtained by going through this process.
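The "Test the system" and "Retest" steps above leave the actual test to the reader. As an added example (not from the McAfee guide, and independent of Host IPS itself), the following Python script makes those retests repeatable: it attempts a TCP connection to each server and port the failing application depends on, tags every result with the name of the troubleshooting stage, and reports which targets changed between two stages. The target addresses, stage names and output file names are assumptions for illustration; the self-check only uses the loopback interface.

```python
"""Repeatable connectivity probe for the 'Test the system' / 'Retest' steps.

Constructed example, not part of the McAfee Host IPS product: one TCP connect
attempt per target, tagged with the troubleshooting stage (Learn Mode off,
Any Any rule first, firewall disabled, Blocked Hosts cleared), so outcomes
can be compared across stages and attached to the support case together with
the saved Activity log copies.
"""
import json
import socket
import time
from datetime import datetime, timezone


def probe_tcp(host, port, timeout=3.0):
    """One TCP connect attempt. 'timeout' is the usual sign of a silent
    firewall drop; 'refused' means the host answered but nothing accepted."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "connected"
    except socket.timeout:
        outcome = "timeout"
    except ConnectionRefusedError:
        outcome = "refused"
    except OSError as exc:  # unreachable network, name resolution failure, ...
        outcome = "error: %s" % exc.__class__.__name__
    return {"host": host, "port": port, "outcome": outcome,
            "elapsed_ms": int((time.monotonic() - start) * 1000)}


def run_stage(stage, targets, timeout=3.0):
    """Probe every (host, port) in targets and tag each result with the stage
    name, e.g. 'baseline', 'LearnINOUT wProb', 'AnyAny Test'."""
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    records = []
    for host, port in targets:
        rec = probe_tcp(host, port, timeout)
        rec.update({"stage": stage, "time": stamp})
        records.append(rec)
    return records


def changed_targets(baseline, retest):
    """Targets whose outcome differs between two stages: the 'retest to
    verify the problem is resolved' comparison, done mechanically."""
    before = {(r["host"], r["port"]): r["outcome"] for r in baseline}
    return [(r["host"], r["port"], before.get((r["host"], r["port"])), r["outcome"])
            for r in retest
            if before.get((r["host"], r["port"])) != r["outcome"]]


def append_log(path, records):
    """Append results as JSON lines; one file per stage keeps them beside the
    Activity log copies the procedure asks for."""
    with open(path, "a", encoding="utf-8") as fh:
        for rec in records:
            fh.write(json.dumps(rec) + "\n")


def self_check():
    """Prove the probe tells open from closed before trusting it against the
    firewall: listen on an ephemeral loopback port, probe it, close it, probe
    again. Returns ('connected', 'refused') when the probe works."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = probe_tcp("127.0.0.1", port)["outcome"]
    listener.close()
    closed_result = probe_tcp("127.0.0.1", port)["outcome"]
    return open_result, closed_result


if __name__ == "__main__":
    print("self-check:", self_check())
    # Hypothetical targets: replace with the server and port(s) the failing
    # application actually uses.
    TARGETS = [("10.0.0.5", 445), ("10.0.0.5", 135)]
    baseline = run_stage("baseline", TARGETS)
    append_log("probe_baseline.jsonl", baseline)
    retest = run_stage("AnyAny Test", TARGETS)
    append_log("probe_AnyAny_Test.jsonl", retest)
    for host, port, before, after in changed_targets(baseline, retest):
        print("%s:%d changed %s -> %s" % (host, port, before, after))
```

Run the same target list once per stage, with the firewall as deployed first and then after each change the procedure makes, and attach the resulting .jsonl files with the Activity log copies. A target whose outcome changes between two stages points at the change made in between; one whose outcome is unchanged after the firewall is disabled in step 7 is unlikely to be a firewall rule problem.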
Host IPS logs

Where are log files located?

All log files are in one of these directories on the client system, depending on the operating system:

Appendix B — Troubleshooting: Host IPS logs
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5, page 141