Host Intrusion Prevention 6.1 Product Guide | Index |
IPS Options, 36
IPS Protection, 39
product information
resources, 13
product upgrades, 14
professional services, McAfee resources, 14
Q
quarantine
policies and rules, 77
quarantine groups
deleting, 93
Quarantine Options policy
configuring, 90
quarantine rule groups
creating, 93
quarantine rules
adding, 93
creating, 93
deleting, 93
editing, 92
viewing, 92
Quarantine Rules policy
configuring, 91
creating, 91
quick access
Application Blocking client rules, 95
Application Blocking rules, 95
Firewall client rules, 79
Firewall rules, 79
IPS client rules, 36
IPS events, 36
IPS rules, 36
R
reports, 22
Blocked Application Summary, 128
Failed Quarantine Updates, 129
generating, 26
IPS Event Summary by Target, 127
IPS Events Summary by Signature, 126
listing, 126
Network Intrusion Summary by Source IP, 127
running, 125
Top 10 Attacked Nodes for IPS, 128
Top 10 Blocked Applications, 129
Top 10 Triggered Signatures, 128
rule groups
firewall, 74
S
Security Headquarters (See Avert Labs)
security levels
High (red), 46
Info (blue), 46
Low (yellow), 46
Medium (orange), 46
security updates, DAT files and engine, 14
security vulnerabilities, releases for, 14
server tasks, 122
Directory Gateway, 122
Event Archiver, 122
Property Translator, 122
ServicePortal, technical support, 14
signatures, 46
creating, 48
creating custom, 163
creating with expert method, 52
creating with standard method, 52
creating with standard mode, 50
creating with wizard, 49
custom, 46, 48
custom host, 46
editing, 48
editing custom, 52
host, 46
host IPS, 34
modifying view, 48
network, 46
network IPS, 34
severity levels, 46
types, 46
Solaris client
overview, 153
policy enforcement, 153
troubleshooting, 153
state table, firewall, 70
stateful filtering, 72
stateful packet inspection, 73
stateful protocol tracking, 73
DHCP, 74
DNS, 74
FTP, 74
ICMP, 73
TCP, 74
submit a sample, Avert Labs WebImmune, 14
T
technical support, contacting, 14
Threat Center (See Avert Labs)
threat library, 14
training, McAfee resources, 14
troubleshooting
Linux client, 157
Solaris client, 153
trusted applications
creating, 113
creating based on an event, 61
deleting, 114
disabling, 114
editing, 114
enabling, 114
Trusted Applications policy
applying, 112
configuring, 112
creating, 112
Trusted Networks options, 110
Trusted Networks policy, 110
configuring, 110
tuning
analyzing events, 115
applying new policies, 116
automated, 162
client rules, 116
creating exceptions, 116
creating new policies, 116
creating trusted applications, 116
U
UDP, 73
updating
checking in update, 130
clients, 131
content, 130
process, 130
upgrade website, 14
using this guide, 11
V
Virus Information Library (See Avert Labs Threat Library)
W
WebImmune, Avert Labs Threat Center, 14
Windows client
Activity Log tab, 151