892 Views 3 Replies Latest reply: Dec 6, 2012 10:14 AM by Kary Tankink RSS
jason.fraioli Newcomer 2 posts since
Dec 5, 2012

Dec 5, 2012 3:50 PM

Manually creating IPS exclusions

I am trying to enable application whitelisting and I have some concerns. Is it possible to export the IPS policy, edit the XML manually, and then re-import? It looks as though the <EPOPolicySettings> tag generates a "name" attribute that contains a GUID of some sort. I'm not sure where that GUID is derived, but its existence leads me to believe that manually editing the XML is not going to work. The problem I am trying to solve is how to best achieve application whitelisting without manually creating thousands of entries in an IPS policy. I could always write a program to automate this for me, but the existence of that GUID in the "name" attribute makes me think that it may not be possible.

 

Thoughts?

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    1. Dec 5, 2012 4:12 PM (in response to jason.fraioli)
    Re: Manually creating IPS exclusions
    Is it possible to export the IPS policy, edit the XML manually, and then re-import?

     

    Making modifications to an XML policy directly (and re-importing) is not supported by McAfee and could cause policy issues.

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    3. Dec 6, 2012 10:14 AM (in response to jason.fraioli)
    Re: Manually creating IPS exclusions

    The only supported method of making rules/exceptions is via the ePO console. In HIPS 8.0, you can use criteria to match a number of executables, rather than each individual executable (e.g., match executables by path with wildcards, or by digital signer information, i.e., "Trusted all Microsoft-signed applications"). This would help with not having to enter every single executable name/path in, if you choose to use this functionality.
