McAfee® Host Intrusion Prevention 6.1 Product Guide

Maintenance

 

Running server tasks


Host Intrusion Prevention provides server tasks that manage and maintain the security level of clients. These include:

• Updating user domain lists (Directory Gateway)

• Archiving and removing events from the database (Event Archiver)

• Translating client properties to facilitate management (Property Translator)

For more information on running server tasks, see the ePolicy Orchestrator online help or product guide.

Directory Gateway

The Directory Gateway server task updates the list of domains where a client runs. This updated list is needed during IPS exception rule creation, because exception rules are enforced only on the domains listed in the database. Over time, domains are added and removed, so the list needs to be updated periodically to ensure proper application of exceptions.

For this task, select the domain on which to run the update from the list that appears, and enter the required domain user name and password credentials. The appropriate directory servers are then queried for domain updates. This task can be scheduled on a daily or weekly interval depending on the size of the environment, with larger deployments requiring more frequent updates.

Event Archiver

The Event Archiver server task archives events from the database for optimum database performance. Over time, Host Intrusion Prevention generates thousands of events, greatly increasing the size of the database. Periodically archive and remove older events to control database size and ensure the proper functioning of the application.

For this task, enter the directory path location for the archive file and the minimum age in days of the events to be archived. A zipped XML file named with the current date is created in the location indicated and the events are removed from the database.

Property Translator

The Property Translator server task translates Host Intrusion Prevention data that is stored in the ePolicy Orchestrator database to handle Host Intrusion Prevention sorting, grouping, and filtering of data. This task, which runs automatically every 15 minutes, should not be edited; however, you can disable this task if necessary.

To change the frequency to other than 15 minutes, disable the original task and create a new server task with a new frequency.
