McAfee HISCDE-AB-IA Product Guide - Page 88
About the IPS Policy tab, Customizing IPS Policy options
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 88 highlights
Working with Host Intrusion Prevention Clients Overview of the Windows client The Application Information section displays: • The IP address that the traffic pretends to come from. • Information about the program that generated the spoofed traffic. • The time and date when Host Intrusion Prevention intercepted the traffic. The Connection Information section provides further networking information. In particular, Local Address shows the IP address that the application is pretending to have, while Remote Address shows your actual IP address. When Host Intrusion Prevention detects spoofed network traffic, it blocks both the traffic and the application that generated it. About the IPS Policy tab Use the IPS Policy tab to configure the IPS feature, which protects against host intrusion attacks based on signature and behavioral rules. From this tab you can enable or disable functionality and configure client exception rules. For more details on IPS policies, see Configuring IPS policies. IPS Policy tab displays exception rules relevant to the client and provides summary and detailed information for each rule. Table 16: IPS Policy tab This column... Displays Exception The name of the exception. Signature The name of the signature against which the exception is created. Application The application that this rule applies to, including the program name and executable file name. Customizing IPS Policy options Options at the top of the tab control settings delivered by the server-side IPS policies after the client interface is unlocked. Task 1 In the Host IPS client console, click the IPS Policy tab. 2 Select or deselect an option as needed. Select... Enable Host IPS Enable Network IPS Enable Adaptive Mode Automatically block attackers To do this... Enable host intrusion prevention protection. Enable network intrusion prevention protection. Enable adaptive mode to automatically create exceptions to intrusion prevention signatures. Block network intrusion attacks automatically for a set period of time. Indicate the number of minutes in the min. field. 88 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5