Define Client Functionality; Configuring A Client Ui Policy - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Configuring General Policies

Define client functionality

Define client functionality
The Client UI policy determines how Host IPS clients appear and function. For Windows clients
this includes icon display settings, intrusion event reactions, and access for administrators and
client users. For non-Windows clients, only the password feature for administrative access is
valid.
The options in this policy make it possible to meet the demands of three typical user roles:
User type
Regular
Disconnected
Administrator
The Client UI policy contains a preconfigured policy and an editable My Default policy. You can
view and duplicate the preconfigured policy; you can, create, edit, rename, duplicate, delete,
and export editable custom policies.

Configuring a Client UI policy

Configure the settings in the policy to indicate icon display, intrusion event reactions, and
administrator and client user access on Windows clients and administrator access on
non-Windows clients.
Task
For option definitions, click ? on the page displaying the options.
1 Click Menu | Policy | Policy Catalog and select Host Intrusion Prevention: General
in the Product list and Client UI in the Category list. The list of policies appears.
2 In the Client UI policy list, click Edit under Actions to change the settings for a custom
policy.
3 In the Client UI page, select a tab (General Options, Advanced Options,
Troubleshooting Options) and make any needed changes. See Setting Client UI general
options , Setting Client UI advanced options , or Setting Client UI troubleshooting options
for details.
74 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
Functionality
The average user who has the Host Intrusion Prevention client installed on a desktop or
laptop. The Client UI policy enables this user to:
• View the Host Intrusion Prevention client icon in the system tray and launch the client
console.
• Get pop-up intrusion alerts or prevent them.
• Temporarily turn off IPS and firewall protection.
The user, perhaps with a laptop, who is disconnected from the Host Intrusion Prevention
server for a period of time. The user might have technical problems with Host Intrusion
Prevention or need to perform operations without interaction with it. The Client UI policy
enables this user to obtain a time-based password to perform administrative tasks, or to
turn protection features on or off.
An IT administrator for all computers who needs to perform special operations on a client
computer, overriding any administrator-mandated policies. The Client UI policy enables this
user to obtain a non-expiring administrator password to perform administrative tasks.
Administrative tasks for both disconnected and administrator users include:
• Enabling or disabling IPS and Firewall policies.
• Creating additional IPS and Firewall rules if certain legitimate activity is blocked.
NOTE: Administrative policy changes made from the ePolicy Orchestrator console will be
enforced only after the password expires. Client rules created during this time are retained
if allowed by administrative rules.