McAfee HISCDE-AB-IA Product Guide - Page 36
Configuring the IPS Protection policy, Define IPS protection
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 36 highlights
Configuring IPS Policies Define IPS protection Name Maximum Protection Prepare for Enhanced Protection Prepare for Maximum Protection Warning Function Prevent high-, medium-, and low-severity signatures and log the rest. Prevent high-severity signatures, log medium-severity signatures, and ignore the rest. Prevent high- and medium-severity signatures, log low-severity signatures, and ignore the rest. Log high-severity signatures and ignore the rest. Configuring the IPS Protection policy Configure settings in this policy to set the protective reactions for signatures of a particular severity level. These settings instruct clients what to do when an attack or suspicious behavior is detected. Task For option definitions, click ? in the interface. 1 Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: IPS in the Product list and IPS Protection in the Category list. 2 In the IPS Protection policy list that appears, click Edit under Actions to change the settings for a custom policy. NOTE: For editable policies, other options include Rename, Duplicate, Delete, and Export. For non-editable policies, options include View and Duplicate. 3 In the IPS Protection page that appears, make any needed changes, then click Save. Define IPS protection The IPS Rules policy applies intrusion prevention safeguards. This policy is a multiple-instance policy that can have multiple instances assigned. Each IPS Rules policy contains configurable details on: • Signatures • Application Protection Rules • Exception Rules You also need to go to the Host IPS page under Reporting to work with: • IPS Events • IPS Client Rules Policy selections This policy category contains a preconfigured default policy, which provides basic IPS protection. You can view and duplicate the preconfigured policy; you can edit, rename, duplicate, delete, and export custom policies you create. You can also assign more than one instance of the policy for a union of various policy rules. 36 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5