Creating trusted applications

In tuning a deployment, creating IPS exception rules is one way to reduce false positives. This is not always practical when dealing with several thousand agents or having limited time and resources. A better solution is to create a list of trusted applications, which are applications known to be safe in a particular environment. For example, when you run a backup application, many false positive events can be triggered. To avoid this, make the backup application a trusted application.

 

A trusted application is susceptible to common vulnerabilities such as buffer overflow and illegal use. Therefore, a trusted application is still monitored and can trigger events to prevent exploits.

To create a trusted application:

  1. Do one of the following On the Trusted Application tab:
    • Click Create on the toolbar or the shortcut menu. The New Trusted Application dialog box appears.
    • Select an application in the list and click Duplicate on the toolbar or the shortcut menu. A prefilled Duplicate Trusted Application dialog box appears.
    •  

      You can also create trusted applications based on an event. For details, see Creating event-based exceptions and trusted applications.

  2. On the General tab, enter the name, status, and whether the application is trusted for IPS, firewall and application hooking. For details, click Help.
  3. On the Processes tab, select the processes to apply the trusted application. For details, click Help.
  4. Click OK.

Copyright © 2006 McAfee, Inc. All Rights Reserved.