About The Blocked Hosts Tab - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with epolicy orchestrator 4.5

Working with Host Intrusion Prevention Clients
Overview of the Windows client
| For this page... | Enter this information... |
| --- | --- |
| Transport | The protocol and the local or remote addresses where this rule applies. You can define an individual address, a range of addresses, a list of specific addresses, or specify all addresses. |
| Applications | The applications that this rule applies to, including the executable file name. |
| Schedule | The schedule, if any, for the rule. |

4. Click Finish to save the new rule.
5. For other edits, do one of the following:

| To... | Do this... |
| --- | --- |
| View the details of a rule or edit a rule | Select a rule and click Properties. The firewall rule builder dialog box appears displaying rule information. If the rule is not in italic, you can edit it. |
| Make a rule active/inactive | Select or clear the checkbox next to Enabled on the General page of the firewall rule. You can also select or clear the checkbox next to the rule in the list. |
| Make a copy of an existing rule | Select the rule, usually a default rule that cannot be edited, and click Duplicate. |
| Delete a rule | Select a rule and click Remove. |
| Apply changes immediately | Click Apply. If you do not click this button after making changes, a dialog box appears asking you to save the changes. |

About the Blocked Hosts tab

Use the Blocked Hosts tab to monitor a list of blocked hosts (IP addresses) that is automatically created when Network IPS (NIPS) protection is enabled. If Create Client Rules is selected in the IPS Options policy in the ePolicy Orchestrator console, you can add to and edit the list of blocked hosts.

The blocked hosts list shows all hosts currently blocked by Host Intrusion Prevention. Each line represents a single host. You can get more information on individual hosts by reading the information in each column.

Table 18: Blocked Hosts tab

| Column | What it shows |
| --- | --- |
| Source | The IP address that Host Intrusion Prevention is blocking. |
| Blocked Reason | An explanation of why Host Intrusion Prevention is blocking this address. If Host Intrusion Prevention added this address to the list because of an attempted attack on your system, this column describes the type of attack. If Host Intrusion Prevention added this address because one of its firewall rules used the Treat rule match as intrusion option, this column lists the name of the relevant firewall rule. If you added this address manually, this column lists only the IP address that you blocked. |
| Time | The time and date when you added this address to the blocked addresses list. |
| Time Remaining | How long Host Intrusion Prevention continues to block this address. If you specified an expiration time when you blocked the address, this column shows the number of minutes left until Host Intrusion Prevention removes the address from |

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5


This manual is also suitable for:

Host intrusion prevention 8.0
