remostas
Level 7

HIPS 8.0 which Connection-Aware Group is active

Right now I am testing HIPS with Connection-Aware Groups which are firewall rule groups with some parameters. During the tests I noticed that I wasn't able to tell which Connection-Aware Group is active.

Neither the McAfee Host Intrusion Prevention 8.0 Product Guide nor the internet could help. Is it the case that McAfee did not implement something like a monitor?

Thanks

Accepted Solutions
McAfee Employee

Re: HIPS 8.0 which Connection-Aware Group is active

There are no visual notifications to show if a CAG is being matched. You would need to enable debug logging to review the CAG configuration in the debug log files. Please see the below KB article (applies to Host IPS 7.0, but is pretty much the same steps).

KB65560 - Troubleshooting Host Intrusion Prevention Connection Aware Groups

3 Replies
metalhead
Level 12

Re: HIPS 8.0 which Connection-Aware Group is active

A "workaround" could also be to name the rules in the CAG with a CAG-specific prefix, e.g. name all rules in a VPN CAG -> "VPN-Allow all" and so on ...

The rule name is shown directly in the activity log of the HIPS GUI.

remostas
Level 7

Re: HIPS 8.0 which Connection-Aware Group is active

Thanks to both of you (Kary and metalhead). This helps me a lot!
