McAfee HISCDE-AB-IA Product Guide - Page 9
Host IPS policy management
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 9 highlights
Introducing Host Intrusion Prevention Host IPS policy management General policies The General feature contains three policies that can apply to both the IPS and Firewall features. • Client UI (Windows only). Defines access to the Host Intrusion Prevention user interface on Windows client systems, including troubleshooting options. Also provides password-protection on all non-Windows client systems. • Trusted Networks (Windows only). Lists IP addresses and networks that are safe for communication. Used with the IPS and Firewall features. • Trusted Applications (All platforms). Lists applications that are trusted to perform most operations. Used with the IPS feature. This policy is also a multiple instance policy, which allows for several Trusted Applications policies, instead of a single policy, to be assigned to a system. The effective policy is the result of the merged contents of the policies. If there are conflicting settings, the most protective setting is applied. Host IPS policy management The ePolicy Orchestrator console allows you to configure Host Intrusion Prevention policies from a central location. How policies are enforced When you change Host Intrusion Prevention policies in the ePolicy Orchestrator console, the changes take effect on the managed systems at the next agent-server communication. This interval is set to occur once every 60 minutes by default. To enforce policies immediately, you can send an agent wake-up call from the ePolicy Orchestrator console. Policies and their categories Policy information for Host Intrusion Prevention is grouped by feature and category. Each policy category refers to a specific subset of policies. A policy is a configured group of settings for a specific purpose. You can create, modify, or delete as many policies as needed. Each policy has a preconfigured McAfee Default policy, which cannot be edited or deleted. Except for IPS Rules and Trusted Applications, all policies also have an editable My Default policy based on the default policy. Some policy categories include several read-only preconfigured policies. If these preconfigured policies meet your needs, you can apply any one of them. These read-only policies, like all policies, can be duplicated and the duplicate customized, if needed. IPS Rules and Trusted Applications policies are multiple-instance policies because you can assign multiple policy instances under a single policy. The policy instances are automatically combined into one effective policy. TIP: The McAfee Default policies for IPS Rules and Trusted Applications are automatically updated as part of the content update process. McAfee recommends always assigning these policies to all clients and creating additional policy instances to customize the behavior of these two policies. How policies are applied Policies are applied to any System Tree group or system by inheritance or assignment. Inheritance determines whether the policy settings for any system are taken from its parent. By default, inheritance is enabled throughout the System Tree. You can break inheritance by McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 9