McAfee UTILITIES 4.0 Guía de usuario Pagina 41
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
applications that use TCP/IP Port 25 typically reserved for email applications, and this action
would be detected by the TCP/IP Port 25 Activity (SMTP) signature. On the other hand, normal
email traffic might also match this signature. When you see this signature, investigate the
process that initiated the event. If the process is one that is not normally associated with email,
like Notepad.exe, you might reasonably suspect that a Trojan was planted. If the process
initiating the event is normally responsible for sending email (Eudora, Netscape, Outlook), create
an exception to that event.
You may also find, for example, that a number of clients are triggering the signature startup
programs, which indicates the modification or creation of a value under the registry keys:
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/RunOnce
As the values stored under these keys indicate programs that are started when the computer
starts up, recognition of this signature may indicate that someone is attempting to tamper with
the system. Or it might indicate something as benign as one of your employees installing
RealAudio on their computer. The installation of RealAudio adds the value RealTray to the
Run registry key.
To eliminate the triggering of events every time someone installs authorized software, you
create exceptions to these events. The client will no longer generate events to this authorized
installation.
Filtering and aggregating events
Applying filters generates a list of events that satisfies all of the variables defined in the filter
criteria. The result is a list of events that includes all of the criteria.Aggregating events generates
a list of events grouped by the value associated with each of the variables selected in the Select
columns to aggregate dialog box. The result is a list of events displayed in groups and sorted
by the value associated with the selected variables.
Tasks
Managing IPS events
Managing IPS events
Use this task to analyze IPS events and, in reaction to them, create exceptions or trusted
applications.
NOTE: IPS events also appear on the Event Log tab under Reporting combined with all other
events for all systems. Access to the events tabs under Reporting requires additional permission
sets, including view permissions for Event Log, Systems, and System Tree access.
Task
For option definitions, click ? on the page displaying the options.
1 Go to Reporting | Host IPS | IPS Events.
Configuring IPS Policies
Working with IPS Rules policies
41McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
- Product Guide 1
- Basic protection 8
- Advanced protection 8
- IPS policies 8
- Firewall policies 8
- Policy management 9
- Policy tracking and tuning 10
- Preset protection 11
- Adaptive and learn mode 11
- Dashboards and queries 12
- Managing Your Protection 13
- Management of policies 16
- Where to find policies 17
- Configuring polices 18
- Automatic tuning with clients 19
- Management of systems 20
- Host IPS server tasks 21
- Host IPS protection updates 22
- Checking in update packages 23
- Updating clients with content 23
- Configuring IPS Policies 24
- Behavioral rules 25
- Reactions 26
- Exception rules 26
- Working with IPS signatures 30
- Creating signatures 33
- Creating exception rules 39
- Working with IPS events 40
- Managing IPS events 41
- Managing IPS client rules 43
- Configuring Firewall Policies 45
- Stateful packet filtering 46
- Stateful packet inspection 46
- State table 47
- State table functionality 47
- How firewall rules work 47
- How stateful filtering works 48
- Stateful protocol tracking 49
- Overview of Firewall policies 51
- Firewall client rules 55
- Quarantine policies and rules 55
- 4 Click Save to save changes 60
- Creating firewall rule groups 61
- Configuring General Policies 76
- Unlocking the Windows client 78
- Working with Host Intrusion 81
- Prevention Clients 81
- Creating 85
- System tray icon 86
- Setting client UI options 87
- Client error reporting 88
- Windows client alerts 90
- Responding to Firewall alerts 91
- About the IPS Policy tab 93
- About the Firewall Policy tab 94
- About the Blocked Hosts tab 96
- About the Activity Log tab 98
- Solaris client issues 100
- Client installation issues 100
- Client operations issues 100
- Stopping the Solaris client 101
- Overview of the Linux client 102
- Notes about the Linux client 103
- Linux client issues 103
- Stopping the Linux client 105
- Restarting the Linux client 105
- (continued) 107
Relacionado con productos y manuales para Software McAfee UTILITIES 4.0
Software McAfee QUICKCLEAN 3.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UNINSTALLER 6.0 Guía de usuario
(99 paginas)
(99 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de instalación
(29 paginas)
(29 paginas)
Software McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE Especificaciones
(120 paginas)
(120 paginas)
Software McAfee QUICKCLEAN 1.0 Guía de usuario
(41 paginas)
(41 paginas)
Software McAfee UTILITIES 4.0 Manual de usuario
(11 paginas)
(11 paginas)
Software McAfee QUICKCLEAN 1.0 Manual de usuario
(22 paginas)
(22 paginas)
Software McAfee GUARD DOG 2 Guía de usuario
(128 paginas)
(128 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.037 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales