McAfee® Host Intrusion Prevention 6.1 Product Guide

Host Intrusion Prevention Client

 

Windows client

9

Figure 9-2 HIPS Engines

Alerts

A user can encounter several types of alert messages and needs to react to them. These include intrusion detection, firewall, quarantine, application blocking, and spoof detection alerts. Firewall and application blocking alerts appear only when the client is in Learn mode for these features.

Intrusion alerts

If you enable IPS protection and the Display pop-up alert option, this alert automatically appears when Host Intrusion Prevention detects a potential attack. If the client is in Adaptive mode, this alert appears only if the Allow Client Rules option is disabled for the signature that caused the event to occur.

The Intrusion Information tab displays details about the attack that generated the alert, including a description of the attack, the user/client computer where the attack occurred, the process involved in the attack, and the time and date when Host Intrusion Prevention intercepted it. In addition, a generic administrator-specified message can appear.

Figure 9-3 Intrusion Detected Alert dialog box

137

Page 137
Image 137
McAfee 6.1 manual Alerts, Intrusion alerts, 137