cancel
Showing results for 
Search instead for 
Did you mean: 
gcis
Level 7

HIPS Configuration

HI Everyone,

I have two questions regarding the McAfee HIPS, I have found these settings and would like to know a few things.

Setting: Retain existing client rules when the policy is enforced - What does this mean, which policy will be retained.

Setting: Retain Blocked hosts - What does this mean and why?

0 Kudos
2 Replies
ansarias
Level 13

Re: HIPS Configuration

Retain existing client rules when the policy is enforced - Rule which has been created locally by adaptive mode will not be purge.

Retain Blocked hosts - Goes with IPS and it will not be overwrite by ePO policy when machine communicate to ePO console, it will append new block hosts.

0 Kudos
McAfee Employee

Re: HIPS Configuration

From the ePO server console help:


Retain blocked hosts



  • Select to allow a client to block a host IP address until the parameters set under 'Automatically block network intruders.' If not selected, the host is blocked only until the next policy enforcement.






Retain existing client rules when this policy is enforced



  • Select to allow clients to keep the client exception rules created on the client when the policy is enforced.



When the McAfee Agent enforces the HIPS policy on a system, the client rules (created by Adaptive/Learn mode, or created manually) will be deleted.  If Adaptive/Learn mode is enabled, the rule might be recreated, if the policy doesn't cover it.