cancel
Showing results for 
Search instead for 
Did you mean: 
a2wa2
Level 8
Report Inappropriate Content
Message 1 of 4

HIP exception

Jump to solution

Dear friends

On My HIPS I have threat events that the signature is about TCP port scan and it is false positive. I want to fixed it by exception rule to not annoy it from blocking,

policy catalog>host intrusion prevention 8:IPS> IPS Rules>exception rule, here I do not know the meaning of executable parameters, I have remote ip  ,remote port, local ip,local port and threat ID =3700 in my threat log .but in this path I have only remote ip in my parameters.

Is this exception work correctly? or I should add more features? how does it know to not to block this remote ip from accessing to this local ip?

1 Solution

Accepted Solutions
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: HIP exception

Jump to solution

Executable as a parameter is referring to information on at least one of these four values:

- Name of the application

- File Description - File description within the application executable (not a "Comment" description of the executable)

- File name - Application name with or without paths

- Fingerprint - MD5 Fingerprint

Page 42:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22894/en_US/...

KB may provide some assistance in How to create Network IPS exceptions for Host Intrusion Prevention Technical Articles ID:   KB77236 Last Modified:  6/19/2014

McAfee Corporate KB - How to create Network IPS exceptions for Host Intrusion Prevention KB77236

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
3 Replies
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: HIP exception

Jump to solution

Executable as a parameter is referring to information on at least one of these four values:

- Name of the application

- File Description - File description within the application executable (not a "Comment" description of the executable)

- File name - Application name with or without paths

- Fingerprint - MD5 Fingerprint

Page 42:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22894/en_US/...

KB may provide some assistance in How to create Network IPS exceptions for Host Intrusion Prevention Technical Articles ID:   KB77236 Last Modified:  6/19/2014

McAfee Corporate KB - How to create Network IPS exceptions for Host Intrusion Prevention KB77236

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Highlighted
a2wa2
Level 8
Report Inappropriate Content
Message 3 of 4

Re: HIP exception

Jump to solution

very thanks

Re: HIP exception

Jump to solution

I did a presentation about HIPS configuration last year.

http://www.slideshare.net/KyleTaylor24/kyle-taylor-increasing-your-security-posture-using-mc-afee-ep...

It has some tips on using HIPS with Code Signatures to cripple attacks....

However...port scans are tricky if you have printers...vulnerability scanners...etc...you have to exempt by user or machine probably.

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community