McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 85

Working with Host Intrusion Prevention Clients
Overview of the Windows client
Setting options for IPS logging
As part of troubleshooting you can create IPS activity logs that can be analyzed on the system
or sent to McAfee support to help resolve problems. Use this task to enable IPS logging.
Task
1 In the Host IPS console, select Help | Troubleshooting.
2 Select the IPS message type:
• Debug
• Disabled
• Error
• Information
• Warning
If the message type is set to Disabled, no message is logged.
3 Click OK. The information is written to HipShield.log at C:\Documents and Settings\All
Users\Application Data\McAfee\Host Intrusion Prevention; on Windows Vista and late at
C:\Program Data\McAfee\Host Intrusion Prevention\.
Settings options for Firewall logging
As part of troubleshooting you can create firewall activity logs that can be analyzed on the
system or sent to McAfee support to help resolve problems. Use this task to enable Firewall
logging.
Task
1 In the Host IPS console, select Help | Troubleshooting.
2 Select the Firewall message type:
• Debug
• Disabled
• Error
• Information
• Warning
If the message type is set to Disabled, no message is logged.
3 Click OK. The information is written to FireSvc.log at C:\Documents and Settings\All
Users\Application Data\McAfee\Host Intrusion Prevention\; on Windows Vista and later at
C:\Program Data\McAfee\Host Intrusion Prevention\. After the file reaches 100 MB, a new
file is created.
Disabling Host IPS engines
As part of troubleshooting, you can also disable class engines that protect a client. McAfee
recommends that only administrators communicating with McAfee support use this
troubleshooting procedure. For a better understanding of what each class protects, see the
section on Writing Custom Signatures .
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 85