
McAfee® Host Intrusion Prevention 6.1 Product Guide | Host Intrusion Prevention Client |
| Windows client |
9
Figure 9-5 Application Blocking creation and hooking alerts
Quarantine alerts
If you enable Quarantine mode and include the IP address of the client for quarantine enforcement in the Quarantine Options policy, a quarantine alert appears in the following situations:
Changing the client computer’s IP address
Disconnecting and then reconnecting the client Ethernet connection
Restarting the client
Figure 9-6 Quarantine alert
Spoof Detected alerts
If you enable the IPS feature, this alert automatically appears if Host Intrusion Prevention detects an application on your computer sending out spoofed network traffic. This means that the application is trying to make it seem like traffic from your computer actually comes from a different computer. It does this by changing the IP address in the outgoing packets. Spoofing is always suspicious activity. If you see this dialog box, immediately investigate the application that sent the spoofed traffic.
The Spoof Detected Alert dialog box appears only if you select the Display
The Spoof Detected Alert dialog box is very similar to the firewall feature’s Learn Mode alert. It displays information about the intercepted traffic on two tabs — the Application Information tab, and the Connection Information tab.
The Application Information tab displays: