McAfee HISCDE-AB-IA Product Guide - Page 37

Configuring the IPS Rules policy, Assigning multiple instances of the policy

Page 37 highlights

Configuring IPS Policies
Define IPS protection

Configuring the IPS Rules policy

Configure settings in this policy to define signatures, application protection rules, and exceptions.

Task

For option definitions, click ? in the interface.

1. Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: IPS in the Product list and IPS Rules in the Category list. The list of policies appears.
2. In the IPS Rules policy list, click Edit under Actions to change the settings for a custom policy.
   NOTE: For editable policies, other options include: Rename, Duplicate, Delete, and Export. For non-editable policies, options include View and Duplicate.
3. In the IPS Rules page that appears, make any needed changes, then click Save. See Configuring IPS signatures, Configuring IPS application protection rules, and Configuring IPS exceptions for details.

Assigning multiple instances of the policy

Assigning one or more instances of the policy to a group or system in the ePolicy Orchestrator System Tree provides for single policy multi-purpose protection.

The IPS Rules policy and the Trusted Applications policy are multiple-instance policies that can have more than one instance assigned. A multiple-instance policy can be useful for an IIS Server, for example, where you might apply a general default policy, a server policy, and an IIS policy, the latter two configured to specifically target systems running as IIS servers. When assigning multiple instances, you are assigning a union of all the elements in each instance of the policy.

NOTE: The McAfee Default policy for both IPS Rules and Trusted Applications is updated when content is updated. McAfee recommends that these two policies always be applied to make sure protection is as up to date as possible.

For the policies that have multiple instances, an Effective Policy link appears to provide a view of the details of the combined policy instances.

Task

For option definitions, click ? in the interface.

1. Click Menu | Systems | System Tree and select a group in the System Tree.
   NOTE: For a single system, select a group in the System Tree that contains the system, then on the Systems tab, select the system and select Actions | Agent | Modify Policies on a Single System.
2. Under Assigned Policies, select Host Intrusion Prevention 8.0 : IPS/General in the Product list, and for IPS Rules/Trusted Applications click Edit Assignments.
3. On the Policy Assignment page, click New Policy Instance, and select a policy from the Assigned Policies list for the additional policy instance. To view the effective or combined effect of multiple instance rule sets, click View Effective Policy.
4. Click Save to save all changes.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
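
The union behaviour and the McAfee Default recommendation described above, modelled as an added example (not from the product guide or from McAfee). The instance contents, rule names and dict layout are constructed assumptions, not an ePolicy Orchestrator export format.

```python
# Added example: models multiple-instance assignment as the guide describes it.
# Instance contents and rule names are constructed for illustration only.
from collections import defaultdict

CATEGORIES = ("signatures", "app_protection_rules", "exceptions")
DEFAULT_INSTANCE = "McAfee Default"

# Constructed sample: three IPS Rules instances assigned to one IIS server group.
ASSIGNED = {
    "McAfee Default": {
        "signatures": {"sig-A", "sig-B"},
        "app_protection_rules": {"app-rule-1"},
        "exceptions": set(),
    },
    "Server policy": {
        "signatures": {"sig-B", "sig-C"},
        "app_protection_rules": {"app-rule-1", "app-rule-2"},
        "exceptions": {"exc-backup-agent"},
    },
    "IIS policy": {
        "signatures": {"sig-D"},
        "app_protection_rules": set(),
        "exceptions": {"exc-iis-worker"},
    },
}

def effective_policy(instances):
    """Union every element of every instance, recording which instances supply it."""
    merged = {cat: defaultdict(list) for cat in CATEGORIES}
    for name, policy in instances.items():
        for cat in CATEGORIES:
            for element in policy.get(cat, ()):
                merged[cat][element].append(name)
    return {cat: {e: sorted(src) for e, src in merged[cat].items()} for cat in CATEGORIES}

def review(instances):
    """Return findings worth checking before the assignment is saved."""
    findings = []
    if DEFAULT_INSTANCE not in instances:
        findings.append(f"'{DEFAULT_INSTANCE}' instance is not assigned")
    eff = effective_policy(instances)
    for exc, sources in sorted(eff["exceptions"].items()):
        findings.append(f"exception {exc} is in effect via {', '.join(sources)}")
    return findings

if __name__ == "__main__":
    for line in review(ASSIGNED):
        print(line)
```

Because the effective policy is a union, an exception defined in any one instance is part of what the system enforces, which is why the sketch lists each exception with the instance that contributes it.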

