cancel
Showing results for 
Search instead for 
Did you mean: 

HIPS 8.0 which Connection-Aware Group is active

Jump to solution

Right now I am testing HIPS with Connection-Aware Groups which are firewall rule groups with some parameters. During the tests I noticed that I wasn't able to tell which Connection-Aware Group is active.

Neighter the McAfee Host Intrusion Prevention 8.0 Product Guide nor the internet could help. Is that so that McAfee did not implented somethink like a monitor?

Thanks

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: HIPS 8.0 which Connection-Aware Group is active

Jump to solution

There is no visual notifications to show if a CAG is being matched.  You would need to enable debug logging to review the CAG configuration in the debug log files.   Please see the below KB article (applies to Host IPS 7.0, but is pretty much the same steps).

KB65560 - Troubleshooting Host Intrusion Prevention Connection Aware Groups

3 Replies
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: HIPS 8.0 which Connection-Aware Group is active

Jump to solution

There is no visual notifications to show if a CAG is being matched.  You would need to enable debug logging to review the CAG configuration in the debug log files.   Please see the below KB article (applies to Host IPS 7.0, but is pretty much the same steps).

KB65560 - Troubleshooting Host Intrusion Prevention Connection Aware Groups

Re: HIPS 8.0 which Connection-Aware Group is active

Jump to solution

A "workaround" could also be to name the rules in the CAG with a CAG specific prefix, e.g. name all rules in a VPN CAG -> "VPN-Allow all" and so on ...

The rule name is shown directly in the activity log of the HIPS gui.

Highlighted

Re: HIPS 8.0 which Connection-Aware Group is active

Jump to solution

Thanks to both of you (Kary and metalhead). This helps me a lot!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community