Host Ips Logs - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Appendix B — Troubleshooting

Host IPS logs

b. Retest to verify the problem is resolved. If it is, Firewall Incoming and Outgoing Learn Mode can potentially be associated with the issue.
c. Save a copy of the Activity log and name it Firewall Activity Log LearnINOUT wProb, for reporting to support.

Test with a Firewall Any Any rule

NOTE: This step might need to be configured from the ePO management console as it is imperative that the first rule in the firewall rule list be the Any Any test rule. If other policies have been configured from the console, they take precedence over the locally created rules.

1. Create a new rule and name it Any Any.
2. Set the Action to Permit.
3. Set the Protocol to IP TCP.
4. Set the Direction to Either.
5. Save the rule. If the rule is created in a policy on the ePO console, move the Any Any rule to be the first rule in the policy list. If the rule is created locally, ensure no other rule precedes it.
6. Test the system to determine if the problem recurs. If it does:
   a. Disable the Any Any rule.
   b. Retest to verify the problem is resolved. If it is, there is probably a configuration error with the rules.
   c. Take a screenshot of the list of firewall rules on the Firewall Policy tab.
   d. Save a copy of the Activity log and name it Firewall Activity Log AnyAny Test.
   e. Export the Host IPS policy settings:
      a. Log on to the ePO console.
      b. Navigate to the Policy Catalog object in the ePO System Tree.
      c. Locate Host IPS and expand it.
      d. Click Export all policies.
7. Click the Firewall Policy tab, deselect the Enable Firewall checkbox, and continue to the next step.

Test Blocked Hosts Policy

1. Click the Activity Log tab and clear the log.
2. Click the Blocked Hosts tab and remove all blocked hosts from the list.
3. Test the system to determine if the problem recurs. If it does, it is probably not associated with Blocked Hosts.

If you still have not found the cause of the issue, contact McAfee Support, explain the issue, and attach data obtained by going through this process.

Host IPS logs

Where are log files located?

All log files are in one of these directories on the client system, depending on the operating system:

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5

This manual is also suitable for:

Host intrusion prevention 8.0