cancel
Showing results for 
Search instead for 
Did you mean: 
jj4sec
Level 11
Report Inappropriate Content
Message 1 of 3

Connection/domain awareness

I miss an option in HIPS to check if the machine can connect to the domain or not.

In microsoft FW it is possible to configure rules if the machine is domain connected or not and this is a very strong feature.

I this possible with McAfee ?

Does someone know if the Microsoft feature is someware available in the registry and if I can use that key to create connection aware rules ?

2 Replies
Highlighted

Re: Connection/domain awareness

jj4sec,

I believe the feature you are referring to is called Connection Aware Group (CAG) in HIPS 7 or Connection Isolation Group (CIG) in HIPS 8. It is thoroughly referenced in the product documentation:

HIPS 7: https://kc.mcafee.com/corporate/index?page=content&id=PD20107

HIPS 8: https://kc.mcafee.com/corporate/index?page=content&id=PD22894

You can use this feature to create rule groups that follow a specific set of connection parameters such as:

- IP Address

- DNS Search Suffix

- Default Gateway

- DNS Server

- DHCP Server

- WINS Server

You have a lot of options here but none that would directly reference domain connectivity. It would only be inferred by the above parameters but should work in most instances as, if the machines are connected to a specific domain, they should have a unique parameter from thst list above that could designate them as part of the domain.

Hope this helps!

Zaloorb

jj4sec
Level 11
Report Inappropriate Content
Message 3 of 3

Re: Connection/domain awareness

Thanks for the answer

It is indeed connection aware groups I refer to but the options are not "domain aware" and can be faked.

Our company policy is that no internet connectivity is allowed except via the company internet infrastructure, security and logging.

This is very difficult to implement with the McAfee options an even impossible if it must be impossible to bypass by intelligent IT people.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community