3 Replies Latest reply on Jul 16, 2012 10:20 PM by homeless

    How to test HIPS IPS and HIPS firewall if they are working

      How to test HIPS8.0 IPS and HIPS firewall if they are working

        • 1. Re: How to test HIPS IPS and HIPS firewall if they are working
          pierce

          If you right-click on the McAfee agent and then select 'manage features' and then 'Host Intrusion Prevention' on an endpoint, it will open the HIPS client; then browse to the activity log. You can filter to IPS or Firewall and check both are showing data. I have medium IPS rules set to log, so I get quite a few IPS events in green, which shows it's working.

           

          Thanks,

          Pierce

          • 2. Re: How to test HIPS IPS and HIPS firewall if they are working
            Kary Tankink

            As Pierce suggested, open the HIPS Client UI (via the McAfee Agent tray icon or by running McAfeeFire.exe in the HIPS installation directory).  Look in the Activity Log menu. 

             

            IPS events will show as Intrusion events with Attack Type messages (RED if blocked; GREEN if logged only).

            *NOTE: Most IPS events will be sent to the ePO server for further review.  A few signatures do not send ePO events (these are mainly the self-protection signatures; by design).

             

            Firewall events will show as Traffic events with Blocked or Allowed messages. 

            *NOTE: Firewall events are NOT sent back to the ePO server.  This is by design.

             

            Corrected: Intrusion and Traffic Message was edited by: ktankink on 7/11/12 4:47:53 PM CDT
            • 3. Re: How to test HIPS IPS and HIPS firewall if they are working

              Another way to test HIPS and see it in action is to download Nmap and run an intense port scan against the system; it should light up like a Christmas tree.