guys i found this kb https://kc.mcafee.com/corporate/index?page=content&id=KB71794 and tried
1. new ips rule based on mcafee default policy.
2. severity level as high
3. created a new subrule with TWO option 1. program-> Run target executable-> target executable(added file name description and fingerprint ) 2. hook->hook DLL->executables(added file name description and fingerprint )
4. in IPS protection ive created severity HIGH - prevent then other things are log
5. then i've assigned this things to my system group but still it dosen't block the application.
please help me guys AM I MISSING SOME THING. if any ome create a video in YOU TUBE OR ANY OTHER SOCIAL LINK it will be useful for so many peoples.
or if some one solve my things i'll do a video and post in youtube to help blocking application in HIPS 8.0
please find the attachments below.
I've already followed that you can find that screenshoot but its not working, in that it says environment like this
McAfee ePolicy Orchestrator 4.5
McAfee ePolicy Orchestrator 4.0
McAfee Host Intrusion Prevention 8.0
but i'm using epo 4.6 is it make any difference.Message was edited by: sathish1 on 27/2/13 10:24:14 AM IST
The KB article works for ePO 4.6 as well. Please make sure you follow the KB instructions, as they are different than the instructions you originally posted (it's using the PROGRAM engine, not the HOOK engine).