VirusScan's Access Protection (AP) feature monitors and blocks specific behaviors on the system. However, the configuration options are limited to processes to include and exclude. Host IPS has the same rules in place, disabled by default, but allows for more customization and the ability to dive down into your security. For instance, when configuring VirusScan’s AP rules, exclusions can be set only by file names or path. Host IPS provides the option to use file or file destination filename, path, Fingerprint (MD5 Hash), Certificate Signer, and/or application description. If behavior blocking is needed, but requires more customization for rule and exception creation, Host IPS is a great solution.
For more information about the comparable rules between VirusScan's Access Protection feature and Host IPS, see the "Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention" white paper at PD20870 (https://kc.mcafee.com/corporate/index?page=content&id=PD20870).
For more resources, visit the ServicePortal and search for related content. Also, visit the McAfee Host IPS Community (https://community.mcafee.com/community/business/system/hip).
Intel Security SNS ProTips help you maximize your protection with troubleshooting, best practices, how-to tips, and links to Knowledge Center resources. To unsubscribe from ProTips or change your SNS settings, visit the SNS Subscription Center.