cancel
Showing results for 
Search instead for 
Did you mean: 

HIPS 8.0 - ePO configuration question

Jump to solution

Hi guys,

I am new to HIPS and have a question regarding congirution - allowing and blocking traffic.  i know that typical firewall works that everything is blocked (most bottom rule), everything up is allowed (based on rules). How does this work in HIPS firewall when managing in ePO ?

I know I can add rules and groups of rules with allow or block action. My question is: are rules and group of rules, which are not added (enabled) blocked or allowed ?

Thnx,

Gregor

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: HIPS 8.0 - ePO configuration question

Jump to solution

The ePO policy has rules to Allow/Block network traffic.  The client has a BLOCK ALL rule at the bottom of the policy.  Any network traffic not allowed via ePO policy, will be automatically Blocked by the client.  This is the reason why you don't need a BLOCK ALL rule at the bottom of the ePO policy, but some people prefer to see it in the policy anyways. 

You can view this bi-directional block all rule at the bottom of the Host IPS 8.0 Client UI Firewall policy: Block All Traffic.

View solution in original post

2 Replies
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: HIPS 8.0 - ePO configuration question

Jump to solution

The ePO policy has rules to Allow/Block network traffic.  The client has a BLOCK ALL rule at the bottom of the policy.  Any network traffic not allowed via ePO policy, will be automatically Blocked by the client.  This is the reason why you don't need a BLOCK ALL rule at the bottom of the ePO policy, but some people prefer to see it in the policy anyways. 

You can view this bi-directional block all rule at the bottom of the Host IPS 8.0 Client UI Firewall policy: Block All Traffic.

View solution in original post

Re: HIPS 8.0 - ePO configuration question

Jump to solution

Hi Kary,

yes I found out under Client UI that at the bottom is Block All rule that catch everything else. I was a little confused about logic Enable / Disable rule and the fact that you could also create a block rule due to the fact that bottom rule block everything else

Thanks for help Kary !

Gregor

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community