McAfee UTILITIES 4.0 Betriebsanweisung Seite 40
- Seite / 112
- Inhaltsverzeichnis
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
1 On the IPS Rule policy Exception Rules tab, click Add Exception.
2 Enter the required data on each tab of the Exception wizard. These include: Signatures,
Users, Processes, Advanced Details and General tab. The Summary tab displays the
settings made in the previous tabs.
Figure 13: IPS Exception
3 Click Save.
Working with IPS events
An IPS event is triggered when a security violation, as defined by a signature, is detected. For
example, Host Intrusion Prevention compares the start of any application against a signature
for that operation, which may represent an attack. If a match occurs, an event is generated.
When Host Intrusion Prevention recognizes an IPS event, it flags it on the Host IPS Events tab
under Reporting with one of four severity level criteria: High, Medium, Low, and Information.
NOTE: When two events are triggered by the same operation, the highest signature reaction
is taken.
From the list of events generated, you can determine which events are allowable and which
indicate suspicious behavior. To allow events, configure the system with the following:
• Exceptions — rules that override a signature rule.
• Trusted Applications — applications that are labeled trusted whose operations may
otherwise be blocked by a signature.
This tuning process keeps the events that appear to a minimum, providing more time for analysis
of the serious events that occur.
Reacting to events
Under certain circumstances, behavior that is interpreted as an attack can be a normal part of
a user’s work routine. When this occurs, you can create an exception rule or a trusted application
rule for that behavior.
Creating exceptions and trusted applications allows you to diminish false positive alerts, and
ensures that the notifications you receive are meaningful.
For example, when testing clients, you may find clients recognizing the signature E-mail access.
Typically, an event triggered by this signature is cause for alarm. Hackers may install Trojan
Configuring IPS Policies
Working with IPS Rules policies
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.040
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Verwandte Produkte und Handbücher für Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Betriebsanweisung
(41 Seiten)
(41 Seiten)
Software McAfee QUICKCLEAN 1.0 Betriebsanweisung
(41 Seiten)
(41 Seiten)
Software McAfee GUARD DOG 2 Betriebsanweisung
(128 Seiten)
(128 Seiten)
© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.051 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern