cancel
Showing results for 
Search instead for 
Did you mean: 
Pmaquoi
Level 10

Adaptative mode : How to delete lines

Jump to solution

First sorry for my english.

Since we activated the adaptative mode for the hips 8.0 firewall module on a first alpha group, we received a lot of rules into the HOST IP 8.0 Reporting module.

We used these auto-created and suggested rules to consolidate a first version of our firewall groups rules and now we want to expand the test on more alpha groups.

Question is : Is it possible to delete these lines in to HOST IPS 8.0 Reporting module to be able to check from fresh the new exceptino that we will receive ? Same question about the IPS part

Thanks in advance for your advice

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Adaptative mode : How to delete lines

Jump to solution

To delete the HIPS IPS & Firewall Client Rules from ePO, they must be first deleted on the client.  In the Firewall Options policy, disable the "Retain existing client rules when the policy is enforced" option.  Send this policy down to the client.  Another McAfee Agent policy enforcement will wipe the client rules from the client.  A McAfee Agent Agent-to-Server Communication will then upload its properties with no client rules listed.  Within 15minutes, the HIPS 8.0 Property Translator task on the ePO server will run and wipe the client rules from the ePO console.  Enable the  "Retain existing client rules when the policy is enforced" option and push this policy to the client.  New firewall client rules will then be learned and retained again.

See page 23 (Activate adaptive mode) of the HIPS 8.0 Installation Guide.

PD22891 - Host Intrusion Prevention 8.0 Installation Guide

0 Kudos
3 Replies
McAfee Employee

Re: Adaptative mode : How to delete lines

Jump to solution

To delete the HIPS IPS & Firewall Client Rules from ePO, they must be first deleted on the client.  In the Firewall Options policy, disable the "Retain existing client rules when the policy is enforced" option.  Send this policy down to the client.  Another McAfee Agent policy enforcement will wipe the client rules from the client.  A McAfee Agent Agent-to-Server Communication will then upload its properties with no client rules listed.  Within 15minutes, the HIPS 8.0 Property Translator task on the ePO server will run and wipe the client rules from the ePO console.  Enable the  "Retain existing client rules when the policy is enforced" option and push this policy to the client.  New firewall client rules will then be learned and retained again.

See page 23 (Activate adaptive mode) of the HIPS 8.0 Installation Guide.

PD22891 - Host Intrusion Prevention 8.0 Installation Guide

0 Kudos
Pmaquoi
Level 10

Re: Adaptative mode : How to delete lines

Jump to solution

thanks a lot, that's clear for me now. I just found the hips manual sometimes not enough clear.

0 Kudos
maestro
Level 7

Re: Adaptative mode : How to delete lines

Jump to solution

And how to delete lines adaptive mode in EPO 4.6.4 ? (Clients removed)

0 Kudos