McAfee TSA00M005PAA Processor Guide - Page 85

Firewall protection mode and detections of, unknown applications

Get McAfee TSA00M005PAA - Total Protection Service PDF manuals and user guides
UPC - 731944556253
View all McAfee TSA00M005PAA manuals
Add to My Manuals
Save this manual to your list of manuals

Page 85 highlights

Using Firewall Protection Firewall protection mode and detections of unknown applications Firewall protection mode and detections of unknown applications Firewall protection monitors communications with Internet applications, which connect to the Internet and communicate with client computers. When it detects an Internet application running on a computer, it either allows the application to connect to the Internet or blocks the connection. The response is based on the firewall protection mode selected in the policy assigned to the client computer. IInn tthhiiss mmooddee...... PPrrootteecctt PPrroommpptt RReeppoorrtt FFiirreewwaallll pprrootteeccttiioonn ddooeess tthhiiss...... BBlloocckkss tthhee ssuussppiicciioouuss aaccttiivviittyy.. DDiissppllaayyss aa ddiiaalloogg bbooxx wwiitthh iinnffoorrmmaattiioonn aabboouutt tthhee ddeetteeccttiioonn,, aanndd aalllloowwss tthhee uusseerr ttoo sseelleecctt aa rreessppoonnssee.. TThhiiss sseettttiinngg iiss tthhee ddeeffaauulltt.. SSeennddss iinnffoorrmmaattiioonn aabboouutt ssuussppiicciioouuss aaccttiivviittyy ttoo tthhee SSeeccuurriittyyCCeenntteerr aanndd ttaakkeess nnoo aaddddiittiioonnaall aaccttiioonn.. For all modes, detections are reported to the SecurityCenter, where you can view information about them in reports. NOTE: To prevent popup prompts from appearing on client computers when applications are detected, and for highest security, we recommend using Protect mode. How policy options are implemented in the three protection modes Use the following table to determine how policy options are implemented in the different protection modes. MMooddee RReeppoorrtt BBeehhaavviioorr ooff ffiirreewwaallll pprrootteeccttiioonn •• UUsseerrss aarree nnoott pprroommpptteedd aabboouutt ddeetteeccttiioonnss.. •• DDeetteeccttiioonnss aarree rreeppoorrtteedd ttoo tthhee SSeeccuurriittyyCCeenntteerr.. •• AAddmmiinniissttrraattoorr ccaann sseelleecctt aalllloowweedd aapppplliiccaattiioonnss,, wwhhiicchh aarree nnoott rreeppoorrtteedd aass ddeetteeccttiioonnss.. •• CCaann bbee uusseedd aass aa ""lleeaarrnn"" mmooddee ttoo ddiissccoovveerr wwhhiicchh aapppplliiccaattiioonnss ttoo aallllooww aanndd bblloocckk.. PPrroommpptt •• UUsseerrss aarree pprroommpptteedd aabboouutt ddeetteeccttiioonnss.. •• DDeetteeccttiioonnss aarree rreeppoorrtteedd ttoo tthhee SSeeccuurriittyyCCeenntteerr.. •• AAddmmiinniissttrraattoorr ccaann sseelleecctt aalllloowweedd aapppplliiccaattiioonnss.. TThheessee aapppplliiccaattiioonnss aarree nnoott rreeppoorrtteedd aass ddeetteeccttiioonnss,, aanndd uusseerrss aarree nnoott pprroommpptteedd ffoorr aa rreessppoonnssee ttoo tthheemm.. •• UUsseerrss ccaann aapppprroovvee aaddddiittiioonnaall aapppplliiccaattiioonnss iinn rreessppoonnssee ttoo pprroommppttss.. TThheessee aarree rreeppoorrtteedd ttoo tthhee SSeeccuurriittyyCCeenntteerr.. PPrrootteecctt •• UUsseerrss aarree nnoott pprroommpptteedd aabboouutt ddeetteeccttiioonnss.. •• UUsseerrss aarree nnoottiiffiieedd aabboouutt bblloocckkeedd aapppplliiccaattiioonnss.. •• DDeetteeccttiioonnss aarree rreeppoorrtteedd ttoo tthhee SSeeccuurriittyyCCeenntteerr.. •• AAddmmiinniissttrraattoorr ccaann sseelleecctt aalllloowweedd aapppplliiccaattiioonnss,, wwhhiicchh aarree nnoott rreeppoorrtteedd aass ddeetteeccttiioonnss.. NOTE: If the policy is changed from Prompt mode to Protect mode or Report mode, firewall protection saves user settings for allowed applications. If the policy is then changed back to Prompt mode, these settings are reinstated. McAfee Total Protection Service Product Guide 85

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
McAfee Total Protection Service Product Guide
85
Firewall protection mode and detections of
unknown applications
Firewall protection monitors communications with Internet applications, which connect to the
Internet and communicate with client computers. When it detects an Internet application
running on a computer, it either allows the application to connect to the Internet or blocks the
connection. The response is based on the firewall protection mode selected in the policy
assigned to the client computer.
For all modes, detections are reported to the SecurityCenter, where you can view information
about them in reports.
NOTE:
To prevent popup prompts from appearing on client computers when applications are
detected, and for highest security, we recommend using Protect mode.
How policy options are implemented in the three protection modes
Use the following table to determine how policy options are implemented in the different
protection modes.
NOTE:
If the policy is changed from Prompt mode to Protect mode or Report mode, firewall
protection saves user settings for allowed applications. If the policy is then changed back to
Prompt mode, these settings are reinstated.
Firewall protection does this...
In this mode...
Blocks the suspicious activity.
Protect
Displays a dialog box with information about the detection, and allows the user to select
a response. This setting is the default.
Prompt
Sends information about suspicious activity to the SecurityCenter and takes no additional
action.
Report
Behavior of firewall protection
Mode
Report
Users are not prompted about detections.
Detections are reported to the SecurityCenter.
Administrator can select allowed applications, which are not reported as detections.
Can be used as a "learn" mode to discover which applications to allow and block.
Prompt
Users are prompted about detections.
Detections are reported to the SecurityCenter.
Administrator can select allowed applications. These applications are not reported
as detections, and users are not prompted for a response to them.
Users can approve additional applications in response to prompts. These are reported
to the SecurityCenter.
Protect
Users are not prompted about detections.
Users are notified about blocked applications.
Detections are reported to the SecurityCenter.
Administrator can select allowed applications, which are not reported as detections.
Using Firewall Protection
Firewall protection mode and detections of unknown applications