Creating exceptions by threat type

Is it possible to create a HIPS exception based on the threat type?

For example, if we only want to see events when a particular item is deleted from the registry, can we create an exception for creations and modifications?  Is this something we can do from within the Advanced Parameters?

We are running HIPS 7 currently.  Please let me know if you have any questions.  Thanks!

5 Replies

Re: Creating exceptions by threat type

I would also like to know the answer to this, as well as what additional parameters HIPS 8 affords.

My assumption would be that if it is not something that is added by creating an automatic exception, then you can't make an exception with that parameter.


Re: Creating exceptions by threat type

Thanks for the post, damageinc. I did try creating the automatic exception, but it was not listed as an available field.  I am hoping by using the Custom option within the Advanced Parameters that this would be possible.

McAfee Employee
Message 4 of 6

Re: Creating exceptions by threat type

ugongetralphed wrote:

Is it possible to create a HIPS exception based on the threat type?


No, I don't think this is possible.


Re: Creating exceptions by threat type

Thanks Kary.  I have run across several instances where it would be valuable to create exceptions based on the threat type. 

Right now, we are receiving a lot of false positives for the Yunsip HIPS signature where the threat type is delete.  According to the technical details of Yunsip, it only creates or modifies registry keys.

How would we go about requesting a product enhancement for this feature?  Also, how would we request having this signature reviewed and possibly changed to prevent deletions from triggering events?

Thanks again!

McAfee Employee
Message 6 of 6

Re: Creating exceptions by threat type

To submit a PER, please use the below KB article.

KB60021 - Information about Product Enhancement Requests for McAfee products

To have a possible false positive reviewed, please open a Service Request with McAfee Support.  We will need HIPS debugging enabled, then reproduce the issue, and gather a MER file, as well as any other pertinent details about the violation event.

KB72869 - How to enable Host Intrusion Prevention 7.0/8.0 debug logging

KB59385 - Minimum Escalation Requirements (MER) tool list for McAfee Security Products
