cancel
Showing results for 
Search instead for 
Did you mean: 
hulk0420
Level 7

How to test HIPS IPS and HIPS firewall if they are working

How to test HIPS8.0 IPS and HIPS firewall if they are working

0 Kudos
3 Replies
pierce
Level 13

Re: How to test HIPS IPS and HIPS firewall if they are working

If you right click on the mcafee agent and then select 'manage features' and then 'Host Intrusion Prevention' on an endpoint it will open the HIPS client, then browse to the activity log. You can filter to IPS or Firewall and check both are showing data, I have medium IPS rules set to log so get quite a few IPS events in green which shows its working.

Thanks,

Pierce

0 Kudos
McAfee Employee

Re: How to test HIPS IPS and HIPS firewall if they are working

As Pierce suggested, open the HIPS Client UI (via the McAfee Agent tray icon or by running McAfeeFire.exe in the HIPS installation directory).  Look in the Activity Log menu. 

IPS events will show as Intrusion events with Attack Type messages (RED if blocked; GREEN if logged only).

*NOTE: Most IPS events will be sent to the ePO server for further review.  A few signatures do not send ePO events (these are mainly the self-protection signatures; by design).

Firewall events will show as Traffic events with Blocked or Allowed messages. 

*NOTE: Firewall events are NOT sent back to the ePO server.  This is by design.

Corrected: Intrusion and Traffic
Message was edited by: ktankink on 7/11/12 4:47:53 PM CDT
0 Kudos
homeless
Level 9

Re: How to test HIPS IPS and HIPS firewall if they are working

Another way to test HIPS and see it in action is to download NMap and run an intense port scan against the system, should light up like a Christmas Tree.

0 Kudos