1 Reply Latest reply on May 25, 2010 12:44 PM by bgable

    automatically block network intruder ?

      Dear All

       

      i'm testing McAfee HIPS 7, i've a something is not clear about policy of this. (see NIPS as below)

       

      if i check "enalbe network IPS", and uncheck "automatically block network intruder"   what will happen?

      Does it protect attacked behavior of intruder, but does not terminate and not block network connection of intruder right,

      or it will not protect any attack?

       

      and if i uncheck "retain blocked Host" also. what will happen?

      hip.bmp

        • 1. Re: automatically block network intruder ?
          bgable

          What the rule does depends on how the IPS options are configured. If you select to "Automatically Block Network Intruders", you can specify the period of time to block or block the source IP indefinitely.  You would also enable "Retain Blocked Hosts" to use the parameters specified in the preceding.  If this is not selected, it will block until the next policy refresh. (Same with other NIPS signature triggers)