Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
865 Views 3 Replies Latest reply: Apr 12, 2013 2:12 PM by greatscott RSS
greatscott Champion 287 posts since
Jul 18, 2011
Currently Being Moderated

Apr 10, 2013 9:35 AM

Exception limitations?

Is there a stated limitation on how many parameters can be listed in a single IPS exception, or listed as exceptions within the expert subrule of a custom signature? For example, if I were listing excepted .exes within an expert subrule, how many total can I have?

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    1. Apr 10, 2013 10:42 AM (in response to greatscott)
    Re: Exception limitations?

    There isn't a known limitation on the number of parameters that can be listed, but there is a known ePO limitation (2000) of characters that can be in a subrule.

     

    Also file paths are limited to 100 characters each.

  • petersimmons McAfee Employee 230 posts since
    Dec 22, 2009
    Currently Being Moderated
    2. Apr 11, 2013 8:58 PM (in response to greatscott)
    Re: Exception limitations?

    If you have to ask this question, then you are definitely way off the mark on tuning. The most common deployments of the software (Prevent High) require 0-3 exception total. The next most common deployment (Prevent High + Medium) requires 1-6 exceptions. If you find yourself outside these then I would strongly recommend you take a second look at your testing methodology (i.e actual usability vs. events that happen). Actual usability always wins as software will trigger events that can safely be ignored.

     

    We will attempt to help our customers who have problems but realize that if you find yourself outside those norms about then you might want to start over. There is a whitepaper that was written back around version 6.x that is still true with version 7.x and 8.x. It matches the products design and intended use with the easiest methods to deploy and gain value from the product.

     

    https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 20000/PD20796/en_US/6-cor-hips-bp-001-0608s_2.pdf

     

    And several of the default dashboards now in the product were first featured in that whitepaper. They aren't just fancy screenshots.

     

    We're happy to help but down this path lies madness.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points