Host Intrusion Prevention 6.1 Product Guide

Index

IPS Options, 36

IPS Protection, 39

product information

resources, 13

product upgrades, 14

professional services, McAfee resources, 14

Q

quarantine

policies and rules, 77

quarantine groups

deleting, 93

Quarantine Options policy

configuring, 90

quarantine rule groups

creating, 93

quarantine rules

adding, 93

creating, 93

deleting, 93

editing, 92

viewing, 92

Quarantine Rules policy

configuring, 91

creating, 91

quick access

Application Blocking client rules, 95

Application Blocking rules, 95

Firewall client rules, 79

Firewall rules, 79

IPS client rules, 36

IPS events, 36

IPS rules, 36

R

reports, 22

Blocked Application Summary, 128

Failed Quarantine Updates, 129

generating, 26

IPS Event Summary by Target, 127

IPS Events Summary by Signature, 126

listing, 126

Network Intrusion Summary by Source IP, 127

pre-defined, 125

running, 125

Top 10 Attacked Nodes for IPS, 128

Top 10 Blocked Applications, 129

Top 10 Triggered Signatures, 128

rule groups

firewall, 74

S

Security Headquarters (See Avert Labs)

security levels

High (red), 46

Info (blue), 46

Low (yellow), 46

Medium (orange), 46

security updates, DAT files and engine, 14

security vulnerabilities, releases for, 14

server tasks, 122

Directory Gateway, 122

Event Archiver, 122

Property Translator, 122

ServicePortal, technical support, 14

signatures, 46

creating, 48

creating custom, 163

creating with expert method, 52

creating with standard method, 52

creating with standard mode, 50

creating with wizard, 49

custom, 46, 48

custom host, 46

editing, 48

editing custom, 52

host, 46

host IPS, 34

modifying view, 48

network, 46

network IPS, 34

severity levels, 46

types, 46

Solaris client

overview, 153

policy enforcement, 153

troubleshooting, 153

state table, firewall, 70

stateful filtering, 72

stateful packet inspection, 73

stateful protocol tracking, 73

DHCP, 74

DNS, 74

FTP, 74

ICMP, 73

TCP, 74

submit a sample, Avert Labs WebImmune, 14

T

technical support, contacting, 14

Threat Center (See Avert Labs)

threat library, 14

training, McAfee resources, 14

troubleshooting

Linux client, 157

Solaris client, 153

trusted applications

creating, 113

creating based on an event, 61

deleting, 114

disabling, 114

editing, 114

enabling, 114

Trusted Applications policy

applying, 112

configuring, 112

creating, 112

Trusted Networks options, 110

Trusted Networks policy, 110

configuring, 110

tuning

analyzing events, 115

applying new policies, 116

automated, 162

client rules, 116

creating exceptions, 116

creating new policies, 116

creating trusted applications, 116

U

UDP, 73

updating

checking in update, 130

clients, 131

content, 130

process, 130

upgrade website, 14

using this guide, 11

V

Virus Information Library (See Avert Labs Threat Library)

W

WebImmune, Avert Labs Threat Center, 14

Windows client

Activity Log tab, 151
