
McAfee® Host Intrusion Prevention 6.1 Product Guide | IPS Policies |
| Configuring the IPS Protection policy |
4
These levels indicate potential danger to a system and enable you to define specific reactions for different levels of potential harm. You can modify the severity levels and reactions for all signatures. For example, when suspicious activity is unlikely to cause damage, you can select ignore as the reaction. When an activity is likely to be dangerous, you can set prevent as the reaction.
The IPS Protection policy has several preset policies from which to select. If the preset policies do not provide the selected option combination you want, create a new policy and select the required options. Selections in the IPS Protection policy dialog box vary depending on the selected policy.
To configure the IPS Protection policy:
1Expand the IPS feature, and click Edit on the IPS Protection category line.
2To apply a preset policy, select it in the policy list. Click the policy name icon to view the settings:
| Select this policy... | For these options... |
|
|
|
| (Basic Protection | Prevent high severity level signatures and ignore the rest. |
| (McAfee Default)) |
|
| (Enhanced Protection) | Prevent high and medium severity level signatures and ignore |
|
| the rest. |
|
|
|
| (Maximum Protection) | Prevent high, medium, and low severity level signatures and |
|
| log the rest. |
|
|
|
| (Prepare for Enhanced | Prevent high and log medium severity level signatures and |
| Protection) | ignore the rest. |
|
|
|
| (Prepare for Maximum | Prevent high and medium severity level signatures, log low |
| Protection) | severity level signatures, and ignore the rest. |
| (Warning) | Log high severity level signatures and ignore the rest. |
|
|
|
3 Click Apply. |
|
To create a new IPS Protection policy:
1Click Edit on the IPS Severity category line, and select New Policy in the policy list.
2In the Create New Policy dialog box, select the policy to duplicate, type the name of the new policy, and then click OK.
Create a new, duplicate policy when viewing the details of a preset policy by clicking Duplicate at the bottom of the policy dialog box. Type the name of the new policy and
indicate whether to assign the policy immediately to the current node.
39