McAfee HISCDE-AB-IA Product Guide - Page 77
Define trusted networks
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 77 highlights
Configuring General Policies Define trusted networks To Turn on firewall logging Do this... Select from the list the message type to trigger logging of Firewall events. • Debug logs all messages • Information logs Information, Warning, and Error messages • Warning logs Warning and Error messages • Error logs error messages • Disabled logs no messages The path of the log file on Windows clients is: C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\FireSvc.log; on Windows Vista, Windows 2008, and Windows 7: C:\Program Data\McAfee\Host Intrusion Prevention\FireSvc.log. Turn on IPS logging Select from the list the message type to trigger logging of IPS events. • Debug logs all messages • Information logs Information, Warning, and Error messages • Warning logs Warning and Error messages • Error logs error messages • Disabled logs no messages The path of the log file on Windows clients is: C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\HipShield.log; on Windows Vista, Windows 2008, and Windows 7: C:\Program Data\McAfee\Host Intrusion Prevention\HipShield.log Include security violations in the IPS log Set the size in MB of the events log on the client Turn engines on and off Select Log security violations to have security violations events appear in the IPS log. Change the size of the log from the default 1 MB to a larger number. Deselect the checkbox to disable an engine, then reselect it to reenable the engine. NOTE: For details on working with the HIP client directly, see Working with Host Intrusion Prevention Clients. Define trusted networks The Trusted Networks policy maintains a list of network addresses and subnets, which you can tag as trusted for clients on Windows and apply to firewall rules whose remote address is set to trusted and network IPS exceptions. This policy category contains a preconfigured policy, which includes local subnets automatically but lists no network addresses, and an editable My Default policy. You can view and duplicate the preconfigured policy; you can create, edit, rename, duplicate, delete, and export editable custom policies. McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 77