Using custom IPS signatures, you can help prevent the spread of malware by creating rules to prevent file operations (create, write, execution, read, etc.) of malware. There are two Subrule types that can accomplish this, one using the FILES engine and the other using the PROGRAM engine.
To learn more about these and how to create custom IPS signatures, see the following resources:
- KB84507 - How to use Host IPS rules for a malware outbreak
- PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide,
page 101, “Appendix A — Writing Custom Signatures and Exceptions”
For more resources, visit the ServicePortal (https://support.mcafee.com) and search for related content. Also, visit the McAfee Host IPS Community: https://community.mcafee.com/community/business/system/hip
McAfee SNS ProTips help you maximize your protection with troubleshooting, best practices, how-to tips, and links to Knowledge Center resources. To unsubscribe from ProTips or change your SNS settings, visit the SNS Subscription Center: https://sns.snssecure.mcafee.com/content/signup_login