Assigning Multiple Instances Of The Policy - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Configuring General Policies
Define trusted applications
1. On the Trusted Applications policy page, click New Trusted Application to create a new rule; click Edit under Actions to edit an existing rule.
   NOTE: You can also create trusted applications based on an event. For details, see Creating a trusted application from an event under Configuring IPS Policies.
2. Type or edit the name and indicate the status of the application, including whether the application is trusted for IPS, firewall, or both.
3. Click New to add an executable for the application.
   NOTE: You can add an existing executable from the Host IPS Catalog by clicking Add From Catalog. For details on the catalog, see How the Host IPS catalog works under Configuring Firewall Policies.
4. Click OK to save changes.

Assigning multiple instances of the policy

Assigning one or more instances of the policy to a group or system in the ePolicy Orchestrator
System Tree provides single-policy, multi-purpose protection.
The IPS Rules policy and the Trusted Applications policy are multiple-instance policies that can
have more than one instance assigned. A multiple-instance policy can be useful for an IIS
Server, for example, where you might apply a general default policy, a server policy, and an
IIS policy, the latter two configured to specifically target systems running as IIS servers. When
assigning multiple instances, you are assigning a union of all the elements in each instance of
the policy.
NOTE:
The McAfee Default policies for both IPS Rules and Trusted Applications are updated when
content is updated. McAfee recommends that these two policies always be applied to make sure
protection is as up to date as possible.
For the policies that have multiple instances, an Effective Policy link appears to provide a view
of the details of the combined policy instances.
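As an added illustration (not McAfee code and not an ePolicy Orchestrator API), the sketch below models the "union of all the elements" rule on constructed data, so you can see which instance contributes each trusted application before reviewing the Effective Policy view. The names TrustedApp, effective_policy, only_from and widened_executables, and all sample entries, are hypothetical.

```python
from collections import defaultdict
from typing import NamedTuple

class TrustedApp(NamedTuple):      # hypothetical model of one policy element
    name: str
    executable: str
    trusted_for: str               # "IPS", "Firewall" or "Both"

# Constructed sample data, shaped like the IIS server example above.
INSTANCES = {
    "General default": {TrustedApp("Backup Agent", "backup.exe", "IPS")},
    "Server policy": {
        TrustedApp("Backup Agent", "backup.exe", "IPS"),
        TrustedApp("Monitoring", "monagent.exe", "Both"),
    },
    "IIS policy": {
        TrustedApp("Backup Agent", "backup.exe", "Firewall"),
        TrustedApp("Deploy Tool", "deploy.exe", "Both"),
    },
}

def effective_policy(instances):
    """Union of all elements; each element maps to the instances supplying it."""
    sources = defaultdict(list)
    for instance_name, rules in instances.items():
        for rule in rules:
            sources[rule].append(instance_name)
    return dict(sources)

def only_from(effective, instance_name):
    """Elements present in the union solely because of one instance."""
    return {r for r, src in effective.items() if src == [instance_name]}

def widened_executables(effective):
    """Executables that end up trusted under more than one scope in the union."""
    by_exe = defaultdict(set)
    for rule in effective:
        by_exe[rule.executable].add(rule.trusted_for)
    return {exe: scopes for exe, scopes in by_exe.items() if len(scopes) > 1}

if __name__ == "__main__":
    eff = effective_policy(INSTANCES)
    for rule, src in sorted(eff.items()):
        print(f"{rule.executable:14} {rule.trusted_for:9} from {', '.join(src)}")
    print("Added only by IIS policy:", sorted(only_from(eff, "IIS policy")))
    print("Same executable, several scopes:", widened_executables(eff))
```

Because the result is a union, an additional instance can only add trusted applications to what a system receives; it cannot take away an entry supplied by another instance.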
Task
For option definitions, click ? in the interface.
1. Click Menu | Systems | System Tree and select a group in the System Tree.
   NOTE: For a single system, select a group in the System Tree that contains the system, then on the Systems tab, select the system and select Actions | Agent | Modify Policies on a Single System.
2. Under Assigned Policies, select Host Intrusion Prevention 8.0 : IPS/General in the Product list, and for IPS Rules/Trusted Applications click Edit Assignments.
3. On the Policy Assignment page, click New Policy Instance, and select a policy from the Assigned Policies list for the additional policy instance. To view the effective or combined effect of multiple instance rule sets, click View Effective Policy.
4. Click Save to save all changes.
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5

This manual is also suitable for:

Host intrusion prevention 8.0