I'm trying to find some official McAfee documentation (or good documentation from any source) that deals specifically with how to best utilize the learning and adaptive modes of HIPS. We have a bunch of mission-critical servers that I don't want to just dive in with HIPS turned on full blast, and we don't have a lab to do extensive testing before deployment.
I looked through the McAfee documentation page and found 31 links but didn't see anything that appeared to address this specific topic.
Thanks - PG
I think you might find these to be helpful:
PD20796 - Adopting Host Intrusion Prevention - Best Practices for quick success
PD20748 - Host Prevention 7.s Adaptive Mode
Or have you already looked at them?
PD20748 documents the limitations of Host IPS Adaptive/Learn mode. I would recommend reading this guide as well to understand what Host IPS can learn and not learn, as you are tuning the policies.