McAfee HISCDE-AB-IA Product Guide - Page 34
Configuring the IPS Options policy, Network IPS enabled
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 34 highlights
Configuring IPS Policies Enable IPS protection • Adaptive mode enabled (rules are learned automatically) - Select to enable adaptive mode, where clients create exception rules automatically to allow blocked behavior. Use only temporarily while tuning a deployment. NOTE: This control is also available directly on the client. • Retain existing client rules when this policy is enforced - Select to allow clients to keep exception rules created on the client, either automatically with adaptive mode or manually on a Windows client, when this policy is enforced. For Windows platforms only These options are available for clients on Windows platforms only: • Network IPS enabled - Select to enforce network IPS rules. This option is available independently from the application of host IPS rules. • Automatically block network intruders - Select this option to block incoming and outgoing traffic on a host until it is manually removed from a blocked list on the client for the number of minutes indicated. Available only if Network IPS is enabled. NOTE: These controls are also available directly on the client. • Retain blocked hosts - Select to allow a client to block a host IP address until the parameters set under "Automatically block network intruders." If not selected, the host is blocked only until the next policy enforcement. • Automatically include network-facing and service-based applications in the application protection list - Select to allow a client to add high-risk applications automatically to the list of protected applications in the IPS Rules policy. • Startup IPS protection enabled - Select to apply a hard-coded set of file and registry protection rules until the Host IPS service has started on the client. Policy selections This policy category contains a preconfigured policy, and an editable My Default policy, based on the McAfee Default policy. You can view and duplicate preconfigured policies; you can, create, edit, rename, duplicate, delete, and export custom policies. The preconfigured policy has these settings: McAfee Default Host IPS and Network IPS protection is disabled, and these options are are seleted to be applied when IPS protection is enabled: • Automatically block network intruders for 10 minutes (Windows only) • Retain blocked hosts (Windows only) • Retain client rules TIP: To activate IPS protection on client systems, the Host Intrusion Prevention administrator must first enable the Host IPS and Network IPS options in this policy, and then apply the policy to client systems. IPS protection on client systems is not automatic as in earlier versions of the product. Configuring the IPS Options policy Configure settings in this policy to turn IPS protection on and off or apply adaptive mode. 34 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5