McAfee HISCDE-AB-IA Product Guide - Page 9

Host IPS policy management



General policies

The General feature contains three policies that can apply to both the IPS and Firewall features.

• Client UI (Windows only). Defines access to the Host Intrusion Prevention user interface on Windows client systems, including troubleshooting options. Also provides password-protection on all non-Windows client systems.
• Trusted Networks (Windows only). Lists IP addresses and networks that are safe for communication. Used with the IPS and Firewall features.
• Trusted Applications (All platforms). Lists applications that are trusted to perform most operations. Used with the IPS feature. This policy is also a multiple instance policy, which allows for several Trusted Applications policies, instead of a single policy, to be assigned to a system. The effective policy is the result of the merged contents of the policies. If there are conflicting settings, the most protective setting is applied.

Host IPS policy management

The ePolicy Orchestrator console allows you to configure Host Intrusion Prevention policies from a central location.

How policies are enforced

When you change Host Intrusion Prevention policies in the ePolicy Orchestrator console, the changes take effect on the managed systems at the next agent-server communication. This interval is set to occur once every 60 minutes by default. To enforce policies immediately, you can send an agent wake-up call from the ePolicy Orchestrator console.

Policies and their categories

Policy information for Host Intrusion Prevention is grouped by feature and category. Each policy category refers to a specific subset of policies.

A policy is a configured group of settings for a specific purpose. You can create, modify, or delete as many policies as needed.

Each policy has a preconfigured McAfee Default policy, which cannot be edited or deleted. Except for IPS Rules and Trusted Applications, all policies also have an editable My Default policy based on the default policy. Some policy categories include several read-only preconfigured policies. If these preconfigured policies meet your needs, you can apply any one of them. These read-only policies, like all policies, can be duplicated and the duplicate customized, if needed.

IPS Rules and Trusted Applications policies are multiple-instance policies because you can assign multiple policy instances under a single policy. The policy instances are automatically combined into one effective policy.

TIP: The McAfee Default policies for IPS Rules and Trusted Applications are automatically updated as part of the content update process. McAfee recommends always assigning these policies to all clients and creating additional policy instances to customize the behavior of these two policies.

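A small model of the merge described for multiple-instance policies (both here and under General policies, where conflicts resolve to the most protective setting), as an added example that is not McAfee or ePolicy Orchestrator code. The instance names other than McAfee Default, the application paths, the true/false trust flag, and the reading of "most protective" as "not trusted" are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: three Trusted Applications policy instances assigned
# to one system. Paths and the instance names "Build servers" and "Lockdown"
# are made up; True = application is trusted, False = explicitly not trusted.
INSTANCES = {
    "McAfee Default": {r"C:\Program Files\Vendor\updater.exe": True},
    "Build servers": {r"C:\tools\compiler.exe": True,
                      r"C:\tools\debugger.exe": True},
    "Lockdown": {r"C:\tools\debugger.exe": False},
}

@dataclass
class Effective:
    trusted: bool   # setting in the merged, effective policy
    sources: list   # instances that mention the application
    conflict: bool  # True when the instances disagreed

def merge_instances(instances):
    """Merge policy instances into one effective policy.

    Assumption: for a trust flag, "most protective" means NOT trusted,
    so a single False overrides any number of True entries.
    """
    seen = {}
    for name, entries in instances.items():
        for app, trusted in entries.items():
            seen.setdefault(app, []).append((name, trusted))
    effective = {}
    for app, votes in seen.items():
        values = {t for _, t in votes}
        effective[app] = Effective(
            trusted=all(values),
            sources=[n for n, _ in votes],
            conflict=len(values) > 1,
        )
    return effective

def conflicts(effective):
    """Applications whose instances disagreed, for administrator review."""
    return sorted(app for app, e in effective.items() if e.conflict)

if __name__ == "__main__":
    eff = merge_instances(INSTANCES)
    for app, e in sorted(eff.items()):
        state = "trusted" if e.trusted else "NOT trusted"
        note = " (conflict resolved)" if e.conflict else ""
        print(f"{app}: {state} via {', '.join(e.sources)}{note}")
```

Listing the conflicts alongside the merged result shows which additional instance changed the outcome for an application, which is the part of a multiple-instance assignment that is easy to overlook.
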
How policies are applied

Policies are applied to any System Tree group or system by inheritance or assignment. Inheritance determines whether the policy settings for any system are taken from its parent. By default, inheritance is enabled throughout the System Tree. You can break inheritance by

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5, page 9 (Introducing Host Intrusion Prevention: Host IPS policy management)