McAfee UTILITIES 4.0 Guía de usuario Pagina 22
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
1 Describe the rule.
2 Set filters for the rule.
3 Set thresholds for the rule.
4 Create the message to be sent and the type of delivery.
Notification categories
Host Intrusion Prevention supports the following product-specific notification categories:
• Host Intrusion detected and handled
• Network Intrusion detected and handled
• Application blocked
• Quarantined computer update failed
• Unknown
Notifications can be configured for all or none of the Host (or Network) IPS signatures. Host
Intrusion Prevention supports the specification of a single IPS signature ID as the threat or rule
name in the notification rule configuration. By internally mapping the signature ID attribute of
an event to the threat name, a rule is created to uniquely identify an IPS signature.
The specific mappings of Host Intrusion Prevention parameters allowed in the subject/body of
a message include:
Quarantine Event ValuesBlocked Application
Event Values
Host and Network IPS
Events Values
Parameters
nonenoneSignatureIDActual threat or rule names
computer namecomputer nameRemote IP addressSource systems
IP address of computerApplication nameProcess NameAffected objects
Incident timeIncident timeIncident timeTime notification sent
ePO mapping of event IDePO mapping of event IDePO mapping of event IDEvent IDs
noneApplication full pathLocalized Signature Name
(from client computer)
AdditionalInformation
Host IPS protection updates
Host Intrusion Prevention supports multiple versions of client content and code, with the latest
available content appearing in the ePO console. New content is always supported in subsequent
versions, so content updates contain mostly new information or minor modifications to existing
information.
Updates are handled by a content update package. This package contains content version
information and updating scripts. Upon check-in, the package version is compared to the version
of the most recent content information in the database. If the package is newer, the scripts
from this package are extracted and executed. This new content information is then passed to
clients at the next agent-server communication.
NOTE: Host Intrusion Prevention content updates must be checked into the ePO master
repository for distribution to clients. Host Intrusion Prevention clients obtain updates only
through communication with the ePO server, and not directly through FTP or HTTP protocols.
The basic process includes checking in the update package to the ePO master repository, then
sending the updated information to the clients.
Managing Your Protection
Management of systems
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.022
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Relacionado con productos y manuales para Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UNINSTALLER 6.0 Guía de usuario
(99 paginas)
(99 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de instalación
(29 paginas)
(29 paginas)
Software McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE Especificaciones
(120 paginas)
(120 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UTILITIES 4.0 Manual de usuario
(11 paginas)
(11 paginas)
Software McAfee QUICKCLEAN 1.0 Manual de usuario
(22 paginas)
(22 paginas)
Software McAfee GUARD DOG 2 Guía de usuario
(128 paginas)
(128 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.027 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales