cancel
Showing results for 
Search instead for 
Did you mean: 
Dogers
Level 7
Report Inappropriate Content
Message 1 of 5

Remove Clients HIPS Rules

Is there a way to blank out a clients HIPS (7.0 p3) rules from ePO?

We've had a user set up a ton of rules which they don't actually need/want, but besides talking them through deleting them all is there another way?
4 Replies

RE: Remove Clients HIPS Rules

Both the Firewall Options and IPS Options policies have a check box to specify whether or not you want to retain locally created rules when the policy is enforced.
Dogers
Level 7
Report Inappropriate Content
Message 3 of 5

RE: Remove Clients HIPS Rules

I can see that option in IPS and App Blocking, but not the firewall options?

Also, what does it class as enforcing the rules? Is it when an agent wake up is done? Or even the periodical agent check in?

Sorry for all the questions, but the help files are a little self referential!

RE: Remove Clients HIPS Rules



heh...I know what you mean about the help docs. I love when there's a text box labeled something like "Settings" and the help file says, "This is where you put settings." Really? 😄

I just realized I answered not knowing which version of ePO you're on. I'm running ePO4.0 and when I open the policies for HIPS 6.1 and 7.0 Firewall Options the setting is right there. I can't remember what 3.6 looks like. Have you kept the HIPS extensions current along with the client packages?

As far as agent communication goes, a wake up call should do the trick, especially if the policy has been modified. I have seen wake up calls that just resulted in "No package to receive" and nothing happens. But if the policy's been modified it should download and enforce the new policy package.

Aside from that there's the McAfee Agent policies which specify how often to check for new policies/tasks (ASCI) as well as how often to enforce the currently downloaded policy package.
Highlighted
Dogers
Level 7
Report Inappropriate Content
Message 5 of 5

RE: Remove Clients HIPS Rules

Unfortunately we're still ePO 3.6 as we have DFW still in use until I can set up rules and convince people to start using it..

Good point about the extensions, I think we're still using the original 7.0.0 extensions, so I'll look into updating them.

Looking at the agent, it's set to McAfees default 5mins at the moment, so I guess that would overwrite the client rules every 5mins which would drive them mad happy
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community