1825 Views 6 Replies Latest reply: Feb 28, 2011 11:07 PM by mcuser999
mcuser999 Newcomer 25 posts since
Feb 28, 2011
Feb 28, 2011 12:59 PM

McAfee HIPS 7.0.0 (Firewall question only)

I am running McAfee HIPS firewall, and I need to create some rules outgoing/incoming only for the applications that are running or planned to be running on my system. How can I create a pre-defined rule policy for these apps without going into each and every .EXE file name (using Browse) under the Program Files directory? This firewall is very, very "noisy" when in Learn Mode when it comes to running each application, and I want to lessen this by creating a rule that can stop these popups before I run these programs. So, I need to create a rule only for the apps that are planned or on my system already and exclude all others trying to penetrate the system.

 

Of course, I can run it in Learn Mode the first time and then enable the regular protection after, but I would then have to run every single program in order for the firewall rules to recognize all of them and which apps to allow. This can take a lot of time, though.

 

So, basically, I want to have the greatest protection when it comes to firewall policies without seeing all of these constant popup alert warnings.

 

Thanks in advance!

  • Kary Tankink McAfee Employee 659 posts since
    Mar 3, 2010
    1. Feb 28, 2011 1:08 PM (in response to mcuser999)
    McAfee HIPS 7.0.0 (Firewall question only)

    Adaptive mode can help you here.  It does the same thing as Learn mode, but doesn't constantly prompt the user to make a decision.  Also, see page 14 of the Host IPS Best Practices Guide.

     

    PD20748 - Host Prevention 7.x Adaptive Mode

    PD20796 - Adopting Host Intrusion Prevention - Best practices for quick success

  • mtareiq McAfee SME 21 posts since
    Jan 5, 2010
    3. Feb 28, 2011 1:35 PM (in response to mcuser999)
    McAfee HIPS 7.0.0 (Firewall question only)

    Add rules for Skype in your fw policy applied to the end nodes and enforce the policy. Learn Mode shouldn't pop up if your system has a rule in your applied policy already.

  • mtareiq McAfee SME 21 posts since
    Jan 5, 2010
    5. Feb 28, 2011 2:05 PM (in response to mcuser999)
    McAfee HIPS 7.0.0 (Firewall question only)

    Send a TCPView (sysinternals.com) snapshot of a working Skype conversation (without the fw) and we'll suggest firewall rules accordingly. Or, you can open a case with HIPS support for further assistance.
