McAfee® Host Intrusion Prevention 6.1 Product Guide

IPS Policies

 

Search IPS Exception Rules


You can search for exceptions in any IPS Rules policy on the Search IPS Exception Rules tab. This search function enables you to determine whether an exception is required for a signature rule. It also enables you to manage exceptions by deleting duplicate exception rules or creating trusted applications to allow a blocked process. Search criteria include the processes that triggered an event, the signatures that caused the event to be triggered, and the users affected by the exception rule. After you have found the related exception rules, you are advised to manage this list to keep the overall number of exceptions to a minimum. You can do this by deleting exceptions that are not needed because exceptions already exist for a particular process or signature, or by duplicating and editing an exception to replace several similar exceptions. The Search IPS Exceptions tab also enables you to disable exceptions instead of permanently deleting them, and to find exceptions that match a profile to copy to other IPS policies.

To search for exceptions and manage the list of exceptions:

1. On the Search IPS Exception Rules tab, click Search. The Search IPS Exception Rules dialog box appears.

Figure 4-21 Search IPS Exception Rules

2. Select the appropriate criteria and do one of the following:

   • Select All (the default) for all processes.

   • Select Specific and click Edit to indicate specific processes. In the Search for Specific [Criteria] dialog box, move items from the available list to the selected list and click OK.
