McAfee HISCDE-AB-IA Product Guide - Page 77

Define trusted networks

Get McAfee HISCDE-AB-IA - Host Intrusion Prevention PDF manuals and user guides View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals

Page 77 highlights

Configuring General Policies Define trusted networks To Turn on firewall logging Do this... Select from the list the message type to trigger logging of Firewall events. • Debug logs all messages • Information logs Information, Warning, and Error messages • Warning logs Warning and Error messages • Error logs error messages • Disabled logs no messages The path of the log file on Windows clients is: C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\FireSvc.log; on Windows Vista, Windows 2008, and Windows 7: C:\Program Data\McAfee\Host Intrusion Prevention\FireSvc.log. Turn on IPS logging Select from the list the message type to trigger logging of IPS events. • Debug logs all messages • Information logs Information, Warning, and Error messages • Warning logs Warning and Error messages • Error logs error messages • Disabled logs no messages The path of the log file on Windows clients is: C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\HipShield.log; on Windows Vista, Windows 2008, and Windows 7: C:\Program Data\McAfee\Host Intrusion Prevention\HipShield.log Include security violations in the IPS log Set the size in MB of the events log on the client Turn engines on and off Select Log security violations to have security violations events appear in the IPS log. Change the size of the log from the default 1 MB to a larger number. Deselect the checkbox to disable an engine, then reselect it to reenable the engine. NOTE: For details on working with the HIP client directly, see Working with Host Intrusion Prevention Clients. Define trusted networks The Trusted Networks policy maintains a list of network addresses and subnets, which you can tag as trusted for clients on Windows and apply to firewall rules whose remote address is set to trusted and network IPS exceptions. This policy category contains a preconfigured policy, which includes local subnets automatically but lists no network addresses, and an editable My Default policy. You can view and duplicate the preconfigured policy; you can create, edit, rename, duplicate, delete, and export editable custom policies. McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 77

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
Do this...
To
Select from the list the message type to trigger logging
of Firewall events.
Turn on firewall logging
Debug
logs all messages
Information
logs Information, Warning, and Error
messages
Warning
logs Warning and Error messages
Error
logs error messages
Disabled
logs no messages
The path of the log file on Windows clients is:
C:\Documents and Settings\All Users\Application
Data\McAfee\Host Intrusion Prevention\FireSvc.log;
on Windows Vista, Windows 2008, and Windows 7:
C:\Program Data\McAfee\Host Intrusion
Prevention\FireSvc.log.
Select from the list the message type to trigger logging
of IPS events.
Turn on IPS logging
Debug
logs all messages
Information
logs Information, Warning, and Error
messages
Warning
logs Warning and Error messages
Error
logs error messages
Disabled
logs no messages
The path of the log file on Windows clients is:
C:\Documents and Settings\All Users\Application
Data\McAfee\Host Intrusion Prevention\HipShield.log;
on Windows Vista, Windows 2008, and Windows 7:
C:\Program Data\McAfee\Host Intrusion
Prevention\HipShield.log
Select
Log security violations
to have security
violations events appear in the IPS log.
Include security violations in the IPS log
Change the size of the log from the default 1 MB to a
larger number.
Set the size in MB of the events log on the client
Deselect the checkbox to disable an engine, then
reselect it to reenable the engine.
Turn engines on and off
NOTE:
For details on working with the HIP client directly, see
Working with Host Intrusion
Prevention Clients
.
Define trusted networks
The Trusted Networks policy maintains a list of network addresses and subnets, which you can
tag as trusted for clients on Windows and apply to firewall rules whose remote address is set
to trusted and network IPS exceptions.
This policy category contains a preconfigured policy, which includes local subnets automatically
but lists no network addresses, and an editable My Default policy. You can view and duplicate
the preconfigured policy; you can create, edit, rename, duplicate, delete, and export editable
custom policies.
Configuring General Policies
Define trusted networks
77
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5