McAfee HISCDE-AB-IA Product Guide - Page 91
About the Blocked Hosts tab, Finish
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 91 highlights
Working with Host Intrusion Prevention Clients Overview of the Windows client For this page... Transport Applications Schedule Enter this information... The protocol and the local or remote addresses where this rule applies. You can define an individual address, a range of addresses, a list of specific addresses, or specify all addresses. The applications that this rule applies to, including the executable file name. The schedule, if any, for the rule. 4 Click Finish to save the new rule. 5 For other edits, do one of the following: To... Do this... View the details of a rule or Select a rule and click Properties. The firewall rule builder dialog box appears edit a rule displaying rule information. If the rule is not in italic, you can edit it. Make a rule active/inactive Select or clear the checkbox next to Enabled on the General page of the firewall rule. You can also select or clear the checkbox next to the rule in the list. Make a copy of an existing rule Select the rule, usually a default rule that cannot be edited, and click Duplicate. Delete a rule Select a rule and click Remove. Apply changes immediately Click Apply. If you do not click this button after making changes, a dialog box appears asking you to save the changes. About the Blocked Hosts tab Use the Blocked Hosts tab to monitor a list of blocked hosts (IP addresses) that is automatically created when Network IPS (NIPS) protection is enabled. If Create Client Rules is selected in the IPS Options policy in the ePolicy Orchestrator console, you can add to and edit the list of blocked hosts. The blocked hosts list shows all hosts currently blocked by Host Intrusion Prevention. Each line represents a single host. You can get more information on individual hosts by reading the information in each column. Table 18: Blocked Hosts tab Column What it shows Source The IP address that Host Intrusion Prevention is blocking. Blocked Reason An explanation of why Host Intrusion Prevention is blocking this address. If Host Intrusion Prevention added this address to the list because of an attempted attack on your system, this column describes the type of attack. If Host Intrusion Prevention added this address because one of its firewall rules used the Treat rule match as intrusion option, this column lists the name of the relevant firewall rule. If you added this address manually, this column lists only the IP address that you blocked. Time Time Remaining The time and date when you added this address to the blocked addresses list. How long Host Intrusion Prevention continues to block this address. If you specified an expiration time when you blocked the address, this column shows the number of minutes left until Host Intrusion Prevention removes the address from McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 91