cancel
Showing results for 
Search instead for 
Did you mean: 

Trusted Application List building / Best Practice ?? HIPS 8 and/or7

I am curious as to how peoples experience has been with Trusted Application list building. I am debating about basing it off of “signer” and not as granular as signer and each exe.

Reason being the environment we are deploying to is very large, 10,000+ and a wide variety of version for example MS Office 2003, 2007, 2010 each suite plus other products such as visio and project already build a lengthy list and the maintaining of that list. Is it that much of a risk if all Microsoft signer details are listed as trusted instead of all the variety of signer info (4-5) per EXE for MS Office…?

Any thoughts or feedback would greatly appreciated. I have to make a decision and I am at a total loss as to what would be best.

Also, solution will be growing to 20,000 systems.

Any other ideas or suggestions? Thanks in advance

3 Replies

Re: Trusted Application List building / Best Practice ?? HIPS 8 and/or7

I think the best practice is by starting deploying ePO  on a test  work stations and servers and put it on adaptive mode or learning mode  and see the day to day use of those workstations and servers  then use that policy and tighten up and deploy it to  a large enviroment

Re: Trusted Application List building / Best Practice ?? HIPS 8 and/or7

  Where do the learned rules appear on the epo 4.6 server?

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Trusted Application List building / Best Practice ?? HIPS 8 and/or7

Ian Zwirek wrote:

  Where do the learned rules appear on the epo 4.6 server?

Learned client rules go into the Menu, Reporting, Host IPS 8.0 menu.  Look for IPS Client Rules and Firewall Client Rules.