6 Replies Latest reply on Apr 29, 2010 7:53 AM by KOS_McAfee

    HIPS 7.0 exporting rules?

      I have tested this HIPS 7.0 client on Windows XP Professional. I would like to export rules i have tested and use these rules as default in all machines. How can i export firewall rules from HIPS 7 client?

        • 1. Re: HIPS 7.0 exporting rules?

          Hi Kos_McAfee,

           

           

           

          Where to find policies


          ePolicy Orchestrator provides two locations to view and manage Host Intrusion Prevention
          policies:
          • Systems | System Tree | Policies tab of a selected group in the System Tree
          • Systems | Policy Catalog

           


          Policies tab


          Use the Policies tab to view the policies of a particular feature of the product, view details of
          the policy, view inheritence information, edit policy assignment, and edit custom policies or
          create a new policy relating to a selected group or system.

           

          Policy Catalog


          Use the Policy Catalog to create policies, view and edit policy information, view where a policy
          is assigned, view the settings and owner of a policy, and view assignments where policy
          enforcement is disabled.

           


          To... Do this...
          Create a policy Click New Policy, name it, and edit the settings.
          Edit a policy Click Edit (only available for My Default or custom policies).
          View a policy Click View (only available for McAfee Default or preconfigured policies).
          Click Rename and change the name of the policy (not available for default or preconfigured policies).
          Rename a policy
          Duplicate a policy Click Duplicate, change the name of the policy, and edit the settings.
          Managing Your Protection
          Management of policies
          McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 17


          To... Do this...
          Click Delete (not available for default or preconfigured policies).
          NOTE: When you delete a policy, all groups to which it is currently applied
          inherit the policy of this category from their parent. Before deleting a policy,
          Delete a policy
          look at all of the nodes to which it is assigned, and assign a different policy
          if you don’t want the policy to inherit from the parent. If you delete a policy
          that is applied at the top level, the default policy of this category is applied.
          Click the owner of the policy and select another owner from a list (not available
          for default or preconfigured policies).
          Assign a policy owner

           


          Click Export, then name and save the policy (an XML file) to the desired location.


          Export a policy


          Click Export all policies, then name and save the policy XML file to the
          desired location.
          Export all policies
          Click Import at the top of the Policy Catalog page, select the policy XML file,
          then click OK.
          Import policies
          For details on any of these features, refer to the ePolicy Orchestrator 4.0 documentation.

           

           

          I hope the above helps.

           

           

          Sameer.

           

          Please mark the answer as correct or helpful if it was useful so that others can use it as a ready reference.

          • 2. Re: HIPS 7.0 exporting rules?

            Hello Sameer,

             

            I know how i can export policies from EPO server but i need to know how its done from Windows XP workstation? Situation is this... I have tested this HIPS client in workstation. I have teached rules how to manage with programs. Now everything is like i want it to be and i would like to "upload" these rules to EPO server. So i would like to use these rules like Firewall rules for computers. Is this possible?

            • 3. Re: HIPS 7.0 exporting rules?

              All of the client learned rules should be going back to ePO as properties.  The Property Translator server task should convert these into client rules which you can view and apply to any named policy.  Once you've done that, you can export the policy.  The property Translator task can be run manually or will run automatically every 10 minutes be default.   If you are not seeing any rules coming back, ensure you have the option to retain client rules checked in your policy (this is the default setting).  After applying the rules you want to a named policy, you can uncheck "Retain client rules" and they will clear out after an asci.

              1 of 1 people found this helpful
              • 4. Re: HIPS 7.0 exporting rules?

                Ok i processed the Property Translator server task. Where these rules should be found? Under computers details ( System Details -> Host Intrusion Prevention -> More ) i can see those rules but i cant see exported rules in Policy pages. This should be little easier that this... =)

                • 5. Re: HIPS 7.0 exporting rules?
                  Sudeep Garg

                  Check under Reporting->Host IPS-> IPS Client rules or F/W Client Rules or Application Blocking Client rules

                  Make sure you selcet the correct group.

                   

                  For ePO 4.5: Menu->Reporting->Host IPS->IPS Client rules or F/W Client Rules or Application Blocking Client  rules

                  • 6. Re: HIPS 7.0 exporting rules?

                    Correct answer... Now i found those rules and added rules to policy. Thanks a lot for everybody and specially for Sudeep Garg.