cancel
Showing results for 
Search instead for 
Did you mean: 

How to add IPS Exception?

Jump to solution

Hi guys and gals,

I had a look at HIPS a while back and have only started to revisit it now, and with 8.0. So I'm following the deployment guide and would like to add an IPS Exception to a program we use quite frequently - which utilizes UltraVNC. Now I know there is a signature that deals with UltraVNC, and this is what's blocking it from running - so as a test I added this an exception and it worked fine. But I don't want to completely open that signature up, I want it to be specific to the program running.

So...

The program that runs we have called petro-vnc.exe so how do I go about adding this specific executable as an exception to the rule?

I'm running this via EPO 4.5 - any more info needed let me know.

Your help is very much appreciated and I apologize if something similar has been covered elsewhere.

Cheers,

Dan

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

How to add IPS Exception?

Jump to solution

Hi Dan. When you create an IPS exception (page 47 of PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide), you'll want to define the application properties (file description (not your app description, but the description within the EXE file itself; rclick, Properties to get the Description info), path/file name, MD5 hash fingerprint,or signer.)  You can either add the application individually, or add the application to the Host IPS 8.0 Catalog and just pull the application data from there (page 70).

0 Kudos
4 Replies
McAfee Employee

How to add IPS Exception?

Jump to solution

Hi Dan. When you create an IPS exception (page 47 of PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide), you'll want to define the application properties (file description (not your app description, but the description within the EXE file itself; rclick, Properties to get the Description info), path/file name, MD5 hash fingerprint,or signer.)  You can either add the application individually, or add the application to the Host IPS 8.0 Catalog and just pull the application data from there (page 70).

0 Kudos

How to add IPS Exception?

Jump to solution

Thanks Kary - looks like I'm sorted now.

I didn't realise the file description was the ACTUAL description on the file properties and I also used this tool (http://www.nirsoft.net/utils/hash_my_files.html) to get the MD5 hash of the file. Added the exception and appears to be working!

Thanks for your help.

Dan

0 Kudos
McAfee Employee

How to add IPS Exception?

Jump to solution

BreadMurderer wrote:

I also used this tool (http://www.nirsoft.net/utils/hash_my_files.html) to get the MD5 hash of the file.


Just FYI, with HIPS 8.0 you can use the built-in ClientControl tool to get application information.

KB71205 - How to obtain executable information for Host Intrusion Prevention 8.0 using the ClientControl.exe utility

How to add IPS Exception?

Jump to solution

I did not know that - cheers!

0 Kudos