McAfee® Host Intrusion Prevention 6.1 Product Guide | Frequently Asked Questions |
View the list of client rules created on a set of clients having a similar profile, and create a new policy based on the information. This new policy can then be applied to a larger set of clients with the same profile.
Determine that specific client rules represent security violations and block these rules as part of the IPS Rules policy.
View an aggregated list of exceptions to obtain an idea of the prevalence of the same operation on different clients with the same profile.
Move a client exception rule to the list of policy exceptions.
Search existing policy exceptions to find an exception similar to a client exception that can be edited.
How do I create custom signatures for an IPS Policy?
Custom signatures are part of the IPS Rules policy and can be created to meet a profile’s specific security needs. A custom signature wizard is available for simple signatures, while custom signature Standard and Expert modes are available for advanced users.
How do I reorganize existing exceptions and custom signatures into a new policy?
As administrator you have identified some
To reorganize these exceptions into a new policy, create a new IPS Rules policy and add it to the list of IPS Rules policies for the appropriate node. View the list of all exceptions from the various policies assigned to that node. Select one or more of the appropriate exceptions, and move them to the new policy.
This new policy can then be applied to other clients that fit the newly identified profile, either individually or as a group.
How do I find existing policies that match a given profile?
Typically, an organization will have multiple IPS Rules policies, one per client profile, such as IIS Server and SQL Server. Given that multiple administrators typically manage different parts of the system, sometimes working in different shifts, it is essential to have a small number
You can use the IPS Exception Search to search for exceptions based on their attributes, and locate their parent policy in the process. The search allows you to:
Find policies that contain an exception for an application.
Find exceptions created for a signature.
Find policies that contain exceptions matching one or more attributes of a false positive event.