McAfee HISCDE-AB-IA Product Guide - Page 45
Configuring IPS Policies
Define IPS protection

updated, every process listed in the information cache of running processes is compared against the updated list. If the list indicates that a process should be hooked and it's not already hooked, that process is hooked. If the lists indicate that a process should not be hooked and it is already hooked, that process is unhooked.

The process hooking lists can be viewed and edited on the Application Protection Rules tab. The client user interface, unlike the view on the IPS Rules policy, shows a static list of all hooked application processes.

NOTE: To prevent injection of a DLL into an executable when using hook:set_windows_hook, include the executable in the Application Protection List.

Configuring IPS application protection rules

Edit, add, and delete rules and move rules to another policy from the Application Protection Rules tab of the IPS Rules policy.

Task

For option definitions, click ? in the interface.

1 Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: IPS in the Product list and IPS Rules in the Category list. The list of policies appears.
2 Under Actions, click Edit to make changes on the IPS Rules page, then click the Application Protection Rules tab.
3 Perform any of the following operations:

   To...: Do this...
   - Find an application rule in the list: Use the filters at the top of the application list. You can filter on rule status, inclusion, or specific text that includes process name, process path, or computer name. Click Clear to remove filter settings.
   - Edit an application rule: Under Actions, click Edit.
   - Add an application rule: Click New.
   - Delete an application rule: Under Actions, click Delete.
   - Copy an application rule to another policy: Select a rule and click Copy To to copy it to another policy. Indicate the policy to which to copy the rule and click OK. NOTE: You can copy several rules at one time by selecting all the rules before clicking Copy To.

4 Click Save to save any changes.

Creating application protection rules

If the IPS Rules policy does not have an application protection rule that you need in your environment, you can create one.

Task

For option definitions, click ? in the interface.

1 On the IPS Rules policy Application Protection Rules tab, do one of the following:

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5