2 Replies Latest reply on Mar 4, 2015 10:28 AM by Kary Tankink

    HIPS Configuration

    gcis

      HI Everyone,

       

      I have two questions regarding the McAfee HIPS, I have found these settings and would like to know a few things.

      Setting: Retain existing client rules when the policy is enforced - What does this mean, which policy will be retained.

      Setting: Retain Blocked hosts - What does this mean and why?

        • 1. Re: HIPS Configuration
          ansarias

          Retain existing client rules when the policy is enforced - Rule which has been created locally by adaptive mode will not be purge.

          Retain Blocked hosts - Goes with IPS and it will not be overwrite by ePO policy when machine communicate to ePO console, it will append new block hosts.

          • 2. Re: HIPS Configuration
            Kary Tankink

            From the ePO server console help:

             

             

            Retain blocked hosts

            • Select to allow a client to block a host IP address until the parameters set under 'Automatically block network intruders.' If not selected, the host is blocked only until the next policy enforcement.

             



            Retain existing client rules when this policy is enforced

            • Select to allow clients to keep the client exception rules created on the client when the policy is enforced.

             

            When the McAfee Agent enforces the HIPS policy on a system, the client rules (created by Adaptive/Learn mode, or created manually) will be deleted.  If Adaptive/Learn mode is enabled, the rule might be recreated, if the policy doesn't cover it.