2 Replies Latest reply: Dec 21, 2012 5:12 AM by jj4sec

    Connection/domain awareness


      I miss an option in HIPS to check whether the machine can connect to the domain or not.

      In the Microsoft FW it is possible to configure rules depending on whether the machine is domain-connected or not, and this is a very strong feature.

      Is this possible with McAfee?

      Does someone know if the Microsoft feature is somewhere available in the registry, and if I can use that key to create connection-aware rules?

        • 1. Re: Connection/domain awareness



          I believe the feature you are referring to is called Connection Aware Group (CAG) in HIPS 7 or Connection Isolation Group (CIG) in HIPS 8. It is thoroughly referenced in the product documentation:


          HIPS 7: https://kc.mcafee.com/corporate/index?page=content&id=PD20107

          HIPS 8: https://kc.mcafee.com/corporate/index?page=content&id=PD22894


          You can use this feature to create rule groups that follow a specific set of connection parameters such as:


          - IP Address

          - DNS Search Suffix

          - Default Gateway

          - DNS Server

          - DHCP Server

          - WINS Server


          You have a lot of options here, but none that would directly reference domain connectivity. It can only be inferred from the above parameters, but that should work in most instances: if the machines are connected to a specific domain, they should have a unique parameter from that list above that could designate them as part of the domain.


          Hope this helps!




          • 2. Re: Connection/domain awareness

            Thanks for the answer



            It is indeed connection-aware groups I refer to, but the options are not "domain aware" and can be faked.

            Our company policy is that no internet connectivity is allowed except via the company internet infrastructure, security and logging.

            This is very difficult to implement with the McAfee options, and even impossible if it must be impossible to bypass by intelligent IT people.
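An added example, not code from this thread or from the McAfee HIPS documentation, showing the Windows-side approach the original poster refers to: the first reply's connection-group parameters (DNS suffix, gateway, DNS/DHCP/WINS server) are inferred evidence that, as the second reply notes, a rogue DHCP or DNS server can mimic, so this script instead decides "domain connected" from the machine account's secure channel to a domain controller and then applies Windows Firewall rules scoped by profile. It assumes a domain-joined Windows 8 / Server 2012 or later host (for Get-NetConnectionProfile and New-NetFirewallRule), an elevated PowerShell session, and a hypothetical corporate proxy at 10.0.0.10:8080.

```powershell
# Added example (not from the thread or McAfee). Assumes: domain-joined host,
# Windows 8 / Server 2012 or later, elevated PowerShell, and a hypothetical
# corporate proxy at 10.0.0.10 port 8080 (placeholder address).

function Get-DomainConnectivityState {
    [CmdletBinding()]
    param()

    $state = [ordered]@{
        DomainJoined     = $false
        NlaDomainProfile = $false
        SecureChannelOk  = $false
        Verdict          = 'NotOnDomain'
    }

    # 1. Is the machine joined to a domain at all? If not, nothing below applies.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $state.DomainJoined = [bool]$cs.PartOfDomain
    if (-not $state.DomainJoined) { return [pscustomobject]$state }

    # 2. Network Location Awareness's verdict: an interface is DomainAuthenticated
    #    only after NLA has reached a DC, so this is stronger than matching on
    #    DNS suffix / gateway / DHCP server, but it is cached and can lag.
    $profiles = Get-NetConnectionProfile -ErrorAction SilentlyContinue
    $state.NlaDomainProfile = [bool]($profiles |
        Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' })

    # 3. Strongest evidence: the secure channel authenticates with the computer
    #    account password, which a rogue DHCP/DNS server that only mimics the
    #    gateway, suffix or DNS server addresses cannot reproduce.
    try {
        $state.SecureChannelOk = [bool](Test-ComputerSecureChannel -ErrorAction Stop)
    } catch {
        $state.SecureChannelOk = $false
    }

    if ($state.SecureChannelOk) {
        $state.Verdict = 'OnDomain'
    } elseif ($state.NlaDomainProfile) {
        $state.Verdict = 'ProfileSaysDomainButSecureChannelFailed'
    }
    [pscustomobject]$state
}

function Set-InternetPolicyRules {
    # Policy from the thread: no Internet except through company infrastructure.
    # Windows Firewall evaluates rules per profile, so we block direct 80/443 on
    # the Private and Public profiles and only allow the corporate proxy on Domain.
    param(
        [string]$ProxyAddress = '10.0.0.10',   # hypothetical placeholder
        [int]$ProxyPort       = 8080
    )

    Get-NetFirewallRule -DisplayName 'Corp-*' -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    New-NetFirewallRule -DisplayName 'Corp-Block-Direct-Web-OffDomain' `
        -Direction Outbound -Profile Private,Public -Action Block `
        -Protocol TCP -RemotePort 80,443 | Out-Null

    New-NetFirewallRule -DisplayName 'Corp-Allow-Proxy-OnDomain' `
        -Direction Outbound -Profile Domain -Action Allow `
        -Protocol TCP -RemoteAddress $ProxyAddress -RemotePort $ProxyPort | Out-Null
}

$state = Get-DomainConnectivityState
$state | Format-List

# Only trust the DomainAuthenticated profile for enforcement when the secure
# channel also verifies; otherwise treat the host as off-domain.
if ($state.Verdict -eq 'OnDomain') {
    Set-InternetPolicyRules
} else {
    Write-Warning "Host is not verifiably on the domain ($($state.Verdict)); keeping off-domain posture."
}
```

Two caveats a practitioner should keep in mind: Test-ComputerSecureChannel fails (rather than returning false) when no DC is reachable, which the try/catch treats as off-domain, and none of this stops a user who is a local administrator from disabling the firewall or the rules themselves, which is the "intelligent IT people" problem raised in the last reply and needs enforcement the user cannot change (for example management by policy rather than by a local script).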