
2Basic Concepts
McAfee® Host Intrusion Prevention is a
This section describes the four features of Host Intrusion Prevention and how it works with ePolicy Orchestrator, and includes the following topics:
IPS feature
Firewall feature
Application Blocking feature
General feature
Policy management
Deployment and management
IPS feature
The IPS (Intrusion Prevention System) feature monitors all system and API calls and blocks those that might result in malicious activity. Host Intrusion Prevention determines which process is using a call, the security context in which the process runs, and the resource being accessed. A
Signature rules
Signature rules are patterns of characters than can be matched against a traffic stream. For example, a signature rule might look for a specific string in an HTTP request. If the string matches one in a known attack, action is taken. These rules provide protection against known attacks.
15