McAfee HISCDE-AB-IA Product Guide - Page 74
Define client functionality, Configuring a Client UI policy, General Options, Advanced Options
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 74 highlights
Configuring General Policies Define client functionality Define client functionality The Client UI policy determines how Host IPS clients appear and function. For Windows clients this includes icon display settings, intrusion event reactions, and access for administrators and client users. For non-Windows clients, only the password feature for administrative access is valid. The options in this policy make it possible to meet the demands of three typical user roles: User type Regular Functionality The average user who has the Host Intrusion Prevention client installed on a desktop or laptop. The Client UI policy enables this user to: • View the Host Intrusion Prevention client icon in the system tray and launch the client console. • Get pop-up intrusion alerts or prevent them. • Temporarily turn off IPS and firewall protection. Disconnected Administrator The user, perhaps with a laptop, who is disconnected from the Host Intrusion Prevention server for a period of time. The user might have technical problems with Host Intrusion Prevention or need to perform operations without interaction with it. The Client UI policy enables this user to obtain a time-based password to perform administrative tasks, or to turn protection features on or off. An IT administrator for all computers who needs to perform special operations on a client computer, overriding any administrator-mandated policies. The Client UI policy enables this user to obtain a non-expiring administrator password to perform administrative tasks. Administrative tasks for both disconnected and administrator users include: • Enabling or disabling IPS and Firewall policies. • Creating additional IPS and Firewall rules if certain legitimate activity is blocked. NOTE: Administrative policy changes made from the ePolicy Orchestrator console will be enforced only after the password expires. Client rules created during this time are retained if allowed by administrative rules. The Client UI policy contains a preconfigured policy and an editable My Default policy. You can view and duplicate the preconfigured policy; you can, create, edit, rename, duplicate, delete, and export editable custom policies. Configuring a Client UI policy Configure the settings in the policy to indicate icon display, intrusion event reactions, and administrator and client user access on Windows clients and administrator access on non-Windows clients. Task For option definitions, click ? on the page displaying the options. 1 Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: General in the Product list and Client UI in the Category list. The list of policies appears. 2 In the Client UI policy list, click Edit under Actions to change the settings for a custom policy. 3 In the Client UI page, select a tab (General Options, Advanced Options, Troubleshooting Options) and make any needed changes. See Setting Client UI general options, Setting Client UI advanced options, or Setting Client UI troubleshooting options for details. 74 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5