cancel
Showing results for 
Search instead for 
Did you mean: 

HIPS Vs VSE

Jump to solution

Hii,

Can anyone have some ideas about difference between HIPS and VSE. Difference in there functions..scenarios will be really appreciate..

1 Solution

Accepted Solutions
vinoo
Level 13
Report Inappropriate Content
Message 4 of 5

Re: HIPS Vs VSE

Jump to solution

HIPS is an additional layer of protection over VirusScan that can prevent malware from executing on the endpoint should VirusScan signatures miss it.

It monitors system activity and uses pre-defined or customizable set of signatures to recognize suspicious program behavior. When this type of activity is identified, HIPS can prevent the offending program from executing its malicious payload.

Scenario where HIPS is often used are:

- Protect software program like browsers, flash, java that cannot be patched right away or don't have a patch yet from the vendor against zero-day web exploits.

- HIPS can monitor network packets coming to or from that specific host (block network exploits that worms like Conficker or Slammer abuse to spread)

- Log or prevent system modifications a malicious user could make in order to circumvent security policies (user tampering with registry, system files or logs)

Also read past threads on this topic.

4 Replies
vinoo
Level 13
Report Inappropriate Content
Message 2 of 5

Re: HIPS Vs VSE

Jump to solution

Re: HIPS Vs VSE

Jump to solution

Vinoo,

Thanks for your update but i am not getting clarity from those links.Can you please make me understand with 5-6 difference scenarios points.like on which point HIPS comes in picture...

vinoo
Level 13
Report Inappropriate Content
Message 4 of 5

Re: HIPS Vs VSE

Jump to solution

HIPS is an additional layer of protection over VirusScan that can prevent malware from executing on the endpoint should VirusScan signatures miss it.

It monitors system activity and uses pre-defined or customizable set of signatures to recognize suspicious program behavior. When this type of activity is identified, HIPS can prevent the offending program from executing its malicious payload.

Scenario where HIPS is often used are:

- Protect software program like browsers, flash, java that cannot be patched right away or don't have a patch yet from the vendor against zero-day web exploits.

- HIPS can monitor network packets coming to or from that specific host (block network exploits that worms like Conficker or Slammer abuse to spread)

- Log or prevent system modifications a malicious user could make in order to circumvent security policies (user tampering with registry, system files or logs)

Also read past threads on this topic.

d_j
Level 7
Report Inappropriate Content
Message 5 of 5

Re: HIPS Vs VSE

Jump to solution

I'd like to point out some key differences:

1) HIPs provides the ability to depict executables by hash, dig. cert., or description.... VSE does not.

2) HIPS provides the ability to do exceptions by user and a few other things... VSE does not.

3) HIPS has the ability to go beyond the File/Folder, Registry, and Port method and can also do hooks and specific programs, for example.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community