Best Practices (Firewall Protection) - McAfee TSA00M005PAA - Total Protection Service Product Manual


Using Firewall Protection

Best practices (firewall protection)

NOTE: To view this report, the Report blocked events option must be enabled on the Firewall Protection policy tab. When this option is enabled, blocked events are logged for all computers using the policy.

Select the information that appears in this report

| Select this option... | To do this... |
|---|---|
| Report period | Specify the period of time for which to display information. Select from the last week or one of the last 12 months. |
| View | List the computers where inbound events were blocked, the computers where inbound events originated, or groups containing computers where inbound events were blocked. |
| Groups | Display all the computers on your account or only the computers in a single group. |

How to use this report

| When you want to... | Do this... |
|---|---|
| Display computers or detections | Click the triangle icon next to a name. Under a computer name, show which detections were found. Under a detection name, show the computers where it was found. Click a group name to display computers in that group. |
| View details about events | Click a quantity under Events to display the Inbound Event List, which shows the name of the event, the number of occurrences, and the date on which it was detected. |
| View details about a computer | Click a computer name to display the Computer Details page, which displays information about the computer, its service components, and its detections. |

Best practices (firewall protection)

To effectively manage your strategy for guarding against suspicious activity, we recommend that you proactively track the types of threats being detected and where they are occurring.

1. Check your status emails or the SecurityCenter website for an overview of your account's status. Ensure that protection is installed on all computers.
2. To centralize management and more easily monitor the types of applications and communications allowed on client computers, configure client firewall protection settings in a policy.
3. Use McAfee's recommendations for commonly used, safe Internet applications. When this option is enabled, applications rated safe on McAfee's www.hackerwatch.org site are approved automatically, minimizing the need for you or users to approve applications manually.
4. Check the Unrecognized Programs report frequently to monitor the Internet applications that users are allowing on client computers. If you know some of the applications are safe and do not want them to be detected as threats, add them to policies.
5. If you want to monitor the inbound communications that firewall protection has blocked, select the Report blocked events policy option, then check the Inbound Events Blocked by Firewall report regularly.

McAfee Total Protection Service Product Guide
