pierce
Level 13

Saving HIPS 7 policy on ePO 4.5 P1 causes database blocks, any better on 4.6?


Hey,

I'm in the process of building and rolling out a firewall policy. As the policy gets bigger and bigger, it's taking longer to save, but it's also causing more database blocks as it's saving.

Does anyone know if this is improved in ePO 4.6, or if I should look to trim down the policy now while I'm at the early stages of a rollout?

thanks,

Pierce

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Saving HIPS 7 policy on ePO 4.5 P1 causes database blocks, any better on 4.6?

How would one go about optimizing policies?


Bundle your rules as much as possible.  Instead of creating multiple IPS exceptions for single executables, create one exception with multiple executables (as long as the details match).  Don't just create an IPS exception off an event; modify that exception to include other variations of similar IPS events.  Same for Firewall rules.  It's not always easy to create rules for multiple events, but try to minimize duplication of rules that are just slightly different.

0 Kudos
5 Replies
McAfee Employee

Re: Saving HIPS 7 policy on ePO 4.5 P1 causes database blocks, any better on 4.6?


Host IPS policies are typically larger in size, so optimize your policy as you are building it to reduce the time it takes to save the policies.  Database locks are as designed when saving product policies.

0 Kudos
pierce
Level 13

Re: Saving HIPS 7 policy on ePO 4.5 P1 causes database blocks, any better on 4.6?


Hey Kary,

Thanks for the response. How would one go about optimizing policies?

Also, I'll let my database team know it's as designed and not to worry unless the blocks start lasting too long.

thanks,

Pierce

0 Kudos
McAfee Employee

Re: Saving HIPS 7 policy on ePO 4.5 P1 causes database blocks, any better on 4.6?


Since you posted your Java rules, here's an example of optimization. 

Combine these rules into single rules, since the ports, remote address, direction, etc. are the same, but the rule applies to multiple applications.  This is mainly for Host IPS 8.0, since you add multiple applications/executables to Firewall rules (does not apply to HIPS 7.0).  This group of 10 rules could be reduced to 7 (when you upgrade to HIPS 8).

HIPSJavaRules3.jpg

0 Kudos
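
The consolidation described in the reply above, sketched as an added example that is not part of the original thread or of any McAfee tooling: firewall rules that share action, direction, protocol, remote address and ports are folded into one rule listing several applications (the Host IPS 8.0 capability the reply mentions). The `Rule` fields and the sample rules are constructed, and the code assumes rules are evaluated in order with the first match winning.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    # Hypothetical fields for illustration, not a Host IPS export format.
    action: str      # "allow" or "block"
    direction: str   # "in" or "out"
    protocol: str
    remote: str      # remote address
    ports: tuple     # remote ports
    apps: list = field(default_factory=list)  # executables

    def key(self):
        """Every attribute except the application list."""
        return (self.action, self.direction, self.protocol, self.remote, self.ports)

def consolidate(rules):
    """Fold rules that differ only in application into one multi-application rule.

    Assumes first-match ordering: a rule is folded into an earlier one only if
    every rule between them has the same action, so no verdict can change.
    """
    merged = []
    for rule in rules:
        target = None
        for earlier in reversed(merged):
            if earlier.key() == rule.key():
                target = earlier
                break
            if earlier.action != rule.action:
                break  # moving past a rule with another action is unsafe
        if target is None:
            merged.append(Rule(*rule.key(), apps=list(rule.apps)))
        else:
            target.apps += [a for a in rule.apps if a not in target.apps]
    return merged

# Constructed sample rules (not the rules from the screenshot in the thread).
SAMPLE = [
    Rule("allow", "out", "TCP", "10.0.5.20", (443,), ["java.exe"]),
    Rule("allow", "out", "TCP", "10.0.5.20", (443,), ["javaw.exe"]),
    Rule("allow", "out", "TCP", "10.0.5.20", (8080,), ["java.exe"]),
    Rule("allow", "out", "TCP", "10.0.5.20", (8080,), ["javaw.exe"]),
    Rule("block", "out", "TCP", "any", (443,), ["javaws.exe"]),
    Rule("allow", "out", "TCP", "10.0.5.20", (443,), ["javaws.exe"]),
]

if __name__ == "__main__":
    for r in consolidate(SAMPLE):
        print(r.action, r.remote, r.ports, ", ".join(r.apps))
```

The six sample rules reduce to four; the final allow rule is left in place because a block rule sits between it and the matching allow rule, and merging across it would change what is permitted.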
pierce
Level 13

Re: Saving HIPS 7 policy on ePO 4.5 P1 causes database blocks, any better on 4.6?


Hey Kary,

Thanks for the update. That's good to know that once I move to HIPS 8 it will be easier to manage still, and I can cut down on the number of rules even more.

0 Kudos