McAfee® Host Intrusion Prevention 6.1 Product Guide

Host Intrusion Prevention Client

 

Windows client

9

Blocked Hosts tab

Use the Blocked Hosts tab to monitor a list of blocked hosts (IP addresses) that is automatically created when Network IPS (NIPS) protection is enabled (see IPS Policy options on page 142). If Create Client Rules is selected in the IPS Options policy in the ePolicy Orchestrator console, you can add to and edit the list of blocked hosts.

Figure 9-11 Blocked Hosts tab

Blocked Hosts list

You can view and edit the list of blocked addresses. Edits include adding, removing, editing blocked hosts, and viewing blocked host details.

The blocked hosts list shows all hosts currently blocked by Host Intrusion Prevention. Each line represents a single host. You can get more information on individual hosts by reading the information in each column.

Column

What it shows

 

 

Source

„ The IP address that Host Intrusion Prevention is blocking.

 

 

Blocked Reason

„ An explanation of why Host Intrusion Prevention is blocking

 

this address.

 

If Host Intrusion Prevention added this address to the list

 

because of an attempted attack on your system, this column

 

describes the type of attack.

 

If Host Intrusion Prevention added this address because one

 

of its firewall rules used the Treat rule match as intrusion

 

option, this column lists the name of the relevant firewall rule.

 

If you added this address manually, this column lists only the

 

IP address that you blocked.

 

 

148

Page 148
Image 148
McAfee 6.1 manual Blocked Hosts tab, Blocked Hosts list, 148, Column What it shows