IPS feature

The IPS (Intrusion Prevention System) feature monitors all system and API calls and blocks those that might result in malicious activity. Host Intrusion Prevention determines which process is using a call, the security context in which the process runs, and the resource being accessed. A kernel-level driver, which receives redirected entries in the user-mode system call table, monitors the system call chain. When calls are made, the driver compares the call request against a database of combined signatures and behavioral rules to determine whether to allow, block, or log an action.

Copyright © 2006 McAfee, Inc. All Rights Reserved.