McAfee UTILITIES 4.0 Guia do Utilizador descarregar pdf (Página 91)

mode, this alert appears only if the Allow Client Rules option is disabled for the signature

that caused the event to occur.

The Intrusion Information tab displays details about the attack that generated the alert,

including a description of the attack, the user/client computer where the attack occurred, the

process involved in the attack, and the time and date when Host Intrusion Prevention intercepted

it. In addition, a generic administrator-specified message can appear.

You can ignore the event by clicking Ignore, or create an exception rule for the event by

clicking Create Exception. The Create Exception button is active only if the Allow Client

Rules option is enabled for the signature that caused the event to occur.

If the alert is the result of a Host IP signature, the exception rule dialog box is prefilled with

the name of the process, user, and signature. You can select All Signatures or All Processes,

but not both. The user name is always included in the exception.

If the alert is the result of a Network IP signature, the exception rule dialog box is prefilled with

the signature name and the host IP address. You can optionally select All Hosts.

In addition, you can click Notify Admin to send information about the event to the Host

Intrusion Prevention administrator. This button is active only if the Allow user to notify

administrator option is enabled in the applied Client UI policy.

Select Do not show any alerts for IPS Events to stop displaying IPS Event alerts. To have

the alerts reappear after selecting this option, select Display pop-up alert in the Options

dialog box.

NOTE: This intrusion alert also appears for firewall intrusions if a firewall rule is matched that

has the Treat rule match as an intrusion option selected.

Responding to Firewall alerts

If you enable firewall protection and the learn mode for either incoming or outgoing traffic,

a firewall alert appears. The Application Information tab displays information about the

application attempting network access, including application name, path, and version. The

Connection Information tab displays information about the traffic protocol, address, and

ports.

Task

1 On the Application Information tab of the alert dialog box, do one of the following:

• Click Deny to block this and all similar traffic.

• Click Allow to permit this and all similar traffic through the firewall

2 Optional: On the Connection Information tab, select options for the new firewall rule:

To do this...Select...

Create a rule to allow or block an application’s traffic over any port or service. If

you do not select this option, the new firewall rule allows or blocks only specific

ports:

Create a firewall application

rule for all ports and

services

• If the intercepted traffic uses a port lower than 1024, the new rule allows or

blocks only that specific port.

• If the traffic uses port 1024 or higher, the new rule allows or blocks the range

of ports from 1024 to 65535.

Create a temporary allow or block rule that is deleted when the application is

closed. If you do not select this options, the new firewall rule is created as a

permanent client rule.

Remove this rule when the

application terminates

Working with Host Intrusion Prevention Clients

Overview of the Windows client

91McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0

1 2 ... 86 87 88 89 90 91 92 93 94 95 96 ... 111 112

Comentários a estes Manuais

Sem comentários

McAfee UTILITIES 4.0 Guia do Utilizador Página 91

Comentários a estes Manuais

Manuais e produtos relacionados com Software McAfee UTILITIES 4.0