cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 4

Adaptative mode : How to delete lines

Jump to solution

First sorry for my english.

Since we activated the adaptative mode for the hips 8.0 firewall module on a first alpha group, we received a lot of rules into the HOST IP 8.0 Reporting module.

We used these auto-created and suggested rules to consolidate a first version of our firewall groups rules and now we want to expand the test on more alpha groups.

Question is : Is it possible to delete these lines in to HOST IPS 8.0 Reporting module to be able to check from fresh the new exceptino that we will receive ? Same question about the IPS part

Thanks in advance for your advice

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Adaptative mode : How to delete lines

Jump to solution

To delete the HIPS IPS & Firewall Client Rules from ePO, they must be first deleted on the client.  In the Firewall Options policy, disable the "Retain existing client rules when the policy is enforced" option.  Send this policy down to the client.  Another McAfee Agent policy enforcement will wipe the client rules from the client.  A McAfee Agent Agent-to-Server Communication will then upload its properties with no client rules listed.  Within 15minutes, the HIPS 8.0 Property Translator task on the ePO server will run and wipe the client rules from the ePO console.  Enable the  "Retain existing client rules when the policy is enforced" option and push this policy to the client.  New firewall client rules will then be learned and retained again.

See page 23 (Activate adaptive mode) of the HIPS 8.0 Installation Guide.

PD22891 - Host Intrusion Prevention 8.0 Installation Guide

View solution in original post

3 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Adaptative mode : How to delete lines

Jump to solution

To delete the HIPS IPS & Firewall Client Rules from ePO, they must be first deleted on the client.  In the Firewall Options policy, disable the "Retain existing client rules when the policy is enforced" option.  Send this policy down to the client.  Another McAfee Agent policy enforcement will wipe the client rules from the client.  A McAfee Agent Agent-to-Server Communication will then upload its properties with no client rules listed.  Within 15minutes, the HIPS 8.0 Property Translator task on the ePO server will run and wipe the client rules from the ePO console.  Enable the  "Retain existing client rules when the policy is enforced" option and push this policy to the client.  New firewall client rules will then be learned and retained again.

See page 23 (Activate adaptive mode) of the HIPS 8.0 Installation Guide.

PD22891 - Host Intrusion Prevention 8.0 Installation Guide

View solution in original post

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 4

Re: Adaptative mode : How to delete lines

Jump to solution

thanks a lot, that's clear for me now. I just found the hips manual sometimes not enough clear.

Highlighted

Re: Adaptative mode : How to delete lines

Jump to solution

And how to delete lines adaptive mode in EPO 4.6.4 ? (Clients removed)

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community