
Multiple HIPS Policies applied (stack), which policy to apply exception?

First post, nice to meet you all

 

Thank you in advance for any help.

I work in an environment where we have multiple HIPS policies applied in a stack. Some of them are a matter of compliance and cannot be deleted or else we fall out of compliance and have committed a security violation. My question is, given the information below, scenario-based:

Policy 1

Policy 2 *has a signature that blocks a particular file or executable

Policy 3

Policy 4

Policy 5

Given the stack of policies above, can the exception be provided in Policy 5 even though the block is coming from a signature in Policy 2? Does the list/stack of policies rely on sequence? Or does the ePO server ultimately look at the list of policies singularly?

One of the reasons I ask is: when we discover a block, due to developers testing their software, we create an exception in HIPS (provided it's a HIPS block), however I do not see anything from the ePO or in the HipShield.log specifying which policy the block is occurring from.

 
