Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
466 Views 2 Replies Latest reply: Jan 27, 2014 7:42 AM by epository RSS
epository Apprentice 84 posts since
Jan 23, 2010
Currently Being Moderated

Dec 30, 2013 6:27 AM

HIPS 8.0 DNS Blocking Feature

Are DNS Blocking events logged anywhere?  How can I make a specific query in order to get a report of these events?

 

How can I test this to see if its working?

 

There is also a signature in HIPS - 6042 - that also refers to a DNS Rule violation, but I am not sure exactly what it is checking.

 

Any way to test if Sig 6042 is working?

 

It would be a nice added layer of protection, but I need to see if the "DNS Blocking" events are logged, and what signature 6042 is specifically looking for.

  • Kary Tankink McAfee Employee 655 posts since
    Mar 3, 2010
    Currently Being Moderated
    1. Jan 6, 2014 4:07 PM (in response to epository)
    Re: HIPS 8.0 DNS Blocking Feature

    DNS Blocking events are logged locally on HIPS clients only; no ePO events are sent to the ePO server (like other Firewall events, except for TrustedSource and Intrusion events, which are Network IPS events).

     

    I'm not aware of how to test Signature 6042 specifically.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points