McAfee TSA00M005PAA Processor Guide - Page 98

Using Firewall Protection Best practices (firewall protection) NOTE: To view this report, the Report blocked events option must be enabled on the Firewall Protection policy tab. When this option is enabled, blocked events are logged for all computers using the policy. Select the information that appears in this report Select this option... Report period View Groups To do this... Specify the period of time for which to display information. Select from the last week or one of the last 12 months. List the computers where inbound events were blocked, the computers where inbound events originated, or groups containing computers where inbound events were blocked. Display all the computers on your account or only the computers in a single group. How to use this report When you want to... Do this... Display computers or detections Click the triangle icon next to a name. • Under a computer name, show which detections were found. • Under a detection name, show the computers where it was found. Click a group name to display computers in that group. View details about events Click a quantity under Events to display the Inbound Event List, which shows the name of the event, the number of occurrences, and the date on which it was detected. View details about a computer Click a computer name to display the Computer Details page, which displays information about the computer, its service components, and its detections. Best practices (firewall protection) To effectively manage your strategy for guarding against suspicious activity, we recommend that you proactively track the types of threats being detected and where they are occurring. 1 Check your status emails or the SecurityCenter website for an overview of your account's status. Ensure that protection is installed on all computers. 2 To centralize management and more easily monitor the types of applications and communications allowed on client computers, configure client firewall protection settings in a policy. 3 Use McAfee's recommendations for commonly used, safe Internet applications. When this option is enabled, applications rated safe on McAfee's www.hackerwatch.org site are approved automatically, minimizing the need for you or users to approve applications manually. 4 Check the Unrecognized Programs report frequently to monitor the Internet applications that users are allowing on client computers. If you know some of the applications are safe and do not want them to be detected as threats, add them to policies. 5 If you want to monitor the inbound communications that firewall protection has blocked, select the Report blocked events policy option, then check the Inbound Events Blocked by Firewall report regularly. 98 McAfee Total Protection Service Product Guide