cancel
Showing results for 
Search instead for 
Did you mean: 
dmease729
Level 11

Missing Workstation Parameter when configuring manual exceptions

Jump to solution

Hi,

We are currently running through a functional testing phase, and one of the test team has identified an interesting issue.  It would appear that the parameters available for manual exceptions do not cover all parameters that could be relevant.  We have confirmed this for one parameter (see below), but there may be more...

IPS extensions are as follows:

Host Intrusion Prevention 8.0.0: 8.0.4.838

Host IPS Advanced: 8.0.4.838

Host IPS License Extension: 8.0.4.838

Recreation of issue:

- ePO: Menu | Reporting | Host IPS 8.0

- Event tab | pick any event (from my experience, the majority if sigs always fill in the workstation parameter in the following steps)

- Select check box next to event and then Actions | New Exception (Host IPS 8.0)

- Select suitable destination policy and click OK

- ePO: Menu | Policy | Policy Catalog

- Select Product = Host Intrusion Prevention 8.0:IPS

- Select Category = IPS Rules

- Select hyperlink for destination policy selected above, and browse to exceptions tab

- For newly created exception (confirm 'Modified' date), click edit

- Under parameters | parameters, you will see 'Workstation Name'

- Within the same IPS rules policy, on the exception rules tab, click New

- On the IPS exception page, under Parameters | Parameters, click New

- Click Parameter Name field and confirm that 'Workstation Name' is not an option in the drop down list.

Any thoughts or comments?  From my own perspective, the use of this particular parameter within exceptions would be fairly rare, but still - I think this is a darned good spot by the testers :-)

Cheers,

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Missing Workstation Parameter when configuring manual exceptions

Jump to solution

If the parameter name is not listed, just copy/paste the Parameter Name value in from the signature violation.

0 Kudos
2 Replies
McAfee Employee

Re: Missing Workstation Parameter when configuring manual exceptions

Jump to solution

If the parameter name is not listed, just copy/paste the Parameter Name value in from the signature violation.

0 Kudos
dmease729
Level 11

Re: Missing Workstation Parameter when configuring manual exceptions

Jump to solution

Hi Kary,

Thanks for the answer!  Didn't realize this was free-text, especially as some items are available in the drop-down :-)

The test team are going to configure an exception this way, and confirm that it works.

Cheers,

0 Kudos