McAfee® Host Intrusion Prevention 6.1 Product Guide

IPS Policies

 

Configuring the IPS Rules policy

4

Configuring the IPS Rules policy

Unlike most policy categories, the IPS Rules policy can have several policy profiles assigned. This expanded use of policies allows you to create several policies that profile a client’s usage, location, or type of system on which it is installed to more easily apply intrusion prevention safeguards. For example, for an IIS Server you might apply a general default policy, a server policy, and an IIS policy, the latter two configured to specifically target systems runnings as IIS servers. In addition to applying existing policies, you can also easily create new ones if the available policies do not meet your safeguard needs.

To assign IPS Rules policies:

1Expand the IPS feature, and click Edit on the IPS Rules policy name line.

2To apply an existing policy, select it in the policy list. Click the policy name to view details of the policy.

3Click Apply.

4To add another policy instance, click Assign Additional Policy at the top of the IPS Rules section.

A new policy row appears.

5Repeat steps 1 to 3.

To create a new IPS Rules policy:

1Do one of the following:

„Click Edit in an IPS Rules policy name row.

„Click Assign additional policy at the top of the IPS Rules listing.

2Select New Policy in the policy list

3In the Create New Policy dialog box, select the policy to duplicate, type the name of the new policy, and then click OK.

4In the IPS Rules tab edit, as appropriate:

„Exceptions (See Exception Rules on page 42.)

„Signatures (See Signatures on page 46.)

„Application Protection Rules (See Signatures on page 46.)

5Click Close to close the IPS Rules policy dialog box.

6Click Apply in the IPS Rules policy name row.

Policies can be deleted only in the ePolicy Orchestrator Policy Catalog page and only by global administrators.

41

Page 41
Image 41
McAfee 6.1 manual Configuring the IPS Rules policy, To assign IPS Rules policies, To create a new IPS Rules policy