Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
507 Views 2 Replies Latest reply: Jun 24, 2013 9:02 PM by pwctw RSS
pwctw Newcomer 17 posts since
Oct 23, 2012
Currently Being Moderated

Jun 21, 2013 2:54 AM

What's different between "Trusted Applications" and "Firewall Rules" in HIP

Hi all,

 

If I want to make VNC (Remote access applicaiton) pass through HIP, which policy do I have to configure?

 

"Trusted Applications"? or "Firewall Rules"?

 

Actually, it works when I only add a firewall rule in "Firewall Rules", and it doesn't work when I only add VNC application in "Trusted Applications",

 

but I'm still wondering that what's different between "Trusted Applications" and "Firewall Rules" in HIP?

 

Thanks

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    If I want to make VNC (Remote access applicaiton) pass through HIP, which policy do I have to configure?

    Firewall rules would be your best bet.

     

     

    Actually, it works when I only add a firewall rule in "Firewall Rules", and it doesn't work when I only add VNC application in "Trusted Applications",

     

    but I'm still wondering that what's different between "Trusted Applications" and "Firewall Rules" in HIP?

     

    Trusted Applications work by allowing an application executable to bypass most of HIPS (not all).

     

    • For Firewall trusts, all OUTGOING IP-based traffic would be allowed for the exectuable.  For all INBOUND-initiated network traffic, you would need to create a firewall rule to allow it.
    • For IPS trusts, most IPS signatures will be bypassed for the trusted application, but not all. For the others, IPS exceptions will be required.

     

    KB71704 - Host Intrusion Prevention Trusted Applications defined

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points