cancel
Showing results for 
Search instead for 
Did you mean: 
KOS_McAfee
Level 7

HIPS 7.0 exporting rules?

Jump to solution

I have tested this HIPS 7.0 client on Windows XP Professional. I would like to export rules i have tested and use these rules as default in all machines. How can i export firewall rules from HIPS 7 client?

0 Kudos
1 Solution

Accepted Solutions
sudeepg
Level 10

Re: HIPS 7.0 exporting rules?

Jump to solution

Check under Reporting->Host IPS-> IPS Client rules or F/W Client Rules or Application Blocking Client rules

Make sure you selcet the correct group.

For ePO 4.5: Menu->Reporting->Host IPS->IPS Client rules or F/W Client Rules or Application Blocking Client  rules

0 Kudos
6 Replies
sameer172006
Level 12

Re: HIPS 7.0 exporting rules?

Jump to solution

Hi Kos_McAfee,

Where to find policies


ePolicy Orchestrator provides two locations to view and manage Host Intrusion Prevention
policies:
• Systems | System Tree | Policies tab of a selected group in the System Tree
• Systems | Policy Catalog


Policies tab


Use the Policies tab to view the policies of a particular feature of the product, view details of
the policy, view inheritence information, edit policy assignment, and edit custom policies or
create a new policy relating to a selected group or system.

Policy Catalog


Use the Policy Catalog to create policies, view and edit policy information, view where a policy
is assigned, view the settings and owner of a policy, and view assignments where policy
enforcement is disabled.


To... Do this...
Create a policy Click New Policy, name it, and edit the settings.
Edit a policy Click Edit (only available for My Default or custom policies).
View a policy Click View (only available for McAfee Default or preconfigured policies).
Click Rename and change the name of the policy (not available for default or preconfigured policies).
Rename a policy
Duplicate a policy Click Duplicate, change the name of the policy, and edit the settings.
Managing Your Protection
Management of policies
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 17


To... Do this...
Click Delete (not available for default or preconfigured policies).
NOTE: When you delete a policy, all groups to which it is currently applied
inherit the policy of this category from their parent. Before deleting a policy,
Delete a policy
look at all of the nodes to which it is assigned, and assign a different policy
if you don’t want the policy to inherit from the parent. If you delete a policy
that is applied at the top level, the default policy of this category is applied.
Click the owner of the policy and select another owner from a list (not available
for default or preconfigured policies).
Assign a policy owner


Click Export, then name and save the policy (an XML file) to the desired location.


Export a policy


Click Export all policies, then name and save the policy XML file to the
desired location.
Export all policies
Click Import at the top of the Policy Catalog page, select the policy XML file,
then click OK.
Import policies
For details on any of these features, refer to the ePolicy Orchestrator 4.0 documentation.

I hope the above helps.

Sameer.

Please mark the answer as correct or helpful if it was useful so that others can use it as a ready reference.

0 Kudos
KOS_McAfee
Level 7

Re: HIPS 7.0 exporting rules?

Jump to solution

Hello Sameer,

I know how i can export policies from EPO server but i need to know how its done from Windows XP workstation? Situation is this... I have tested this HIPS client in workstation. I have teached rules how to manage with programs. Now everything is like i want it to be and i would like to "upload" these rules to EPO server. So i would like to use these rules like Firewall rules for computers. Is this possible?

0 Kudos
bgable
Level 11

Re: HIPS 7.0 exporting rules?

Jump to solution

All of the client learned rules should be going back to ePO as properties.  The Property Translator server task should convert these into client rules which you can view and apply to any named policy.  Once you've done that, you can export the policy.  The property Translator task can be run manually or will run automatically every 10 minutes be default.   If you are not seeing any rules coming back, ensure you have the option to retain client rules checked in your policy (this is the default setting).  After applying the rules you want to a named policy, you can uncheck "Retain client rules" and they will clear out after an asci.

0 Kudos
KOS_McAfee
Level 7

Re: HIPS 7.0 exporting rules?

Jump to solution

Ok i processed the Property Translator server task. Where these rules should be found? Under computers details ( System Details -> Host Intrusion Prevention -> More ) i can see those rules but i cant see exported rules in Policy pages. This should be little easier that this... =)

0 Kudos
sudeepg
Level 10

Re: HIPS 7.0 exporting rules?

Jump to solution

Check under Reporting->Host IPS-> IPS Client rules or F/W Client Rules or Application Blocking Client rules

Make sure you selcet the correct group.

For ePO 4.5: Menu->Reporting->Host IPS->IPS Client rules or F/W Client Rules or Application Blocking Client  rules

0 Kudos
KOS_McAfee
Level 7

Re: HIPS 7.0 exporting rules?

Jump to solution

Correct answer... Now i found those rules and added rules to policy. Thanks a lot for everybody and specially for Sudeep Garg.

0 Kudos