Moved to HIPs for faster response..
My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that actions
Users disabling the HIPS IPS/Firewall modules via the McAfee Agent Quick Settings menu does not generate any events locally or via ePO.
users can not disable the firewall unless they know the password to unlock it, you should change the default password for the unlock if you do not want users to disable it. I am assuming that the firewall option is enabled via epo for you clients.
Thank you - thats what I thought I just wanted to confirm it
users can not disable the firewall unless they know the password to unlock it
If you have enabled the option HIPS 8 General -> ClientUI -> Advanced options -> Allow disabling of features from the tray icon, then users can disable IPS and/or FW without the HIPS administrator or time-based password.