Configuring the IPS Options policy

The IPS Options policy is the basic on/off switch for IPS protection and the means for placing an agent in Adaptive mode, which allows the agent to retain the exceptions it creates, and automatically blocks network intrusions. Select one of the preset policies or create a new policy.

To configure the IPS Options policy:

  1. Expand the IPS feature, and click Edit on the IPS Options category line.
  2. To apply a preset policy, select it in the policy list. Click the policy name icon to view the settings:
  3. Select this policy...
    For these options...
    (On (McAfee Default))
    • Enable Host IPS
    • Enable Network IPS
    • Automatically Block Network Intruders for 10 minutes
    • Retain Blocked Hosts
    • Retain Client Rules
    (Off)
    • Retain Blocked Hosts
    • Retain Client Rules
    (Adaptive)
    • Enable Host IPS
    • Enable Network IPS
    • Retain Blocked Hosts
    • Enable Adaptive Mode
    • Retain Client Rules

  4. Click Apply.

To create a new IPS Options policy:

  1. Click Edit on the IPS Options category line, and select New Policy in the policy list.
  2. In the Create New Policy dialog box, select the policy to duplicate, type the name of the new policy, and then click OK.
  3.  

    Create a new, duplicate policy when viewing the details of a preset policy by clicking Duplicate at the bottom of the policy dialog box. Type the name of the new policy and indicate whether to assign the policy immediately to the current node.

    The IPS Options dialog box appears.

  4. Select the needed options:
  5. Select...
    To enable...
    Enable Host IPS
    Host IPS protection.
    Enable Network IPS
    Network IPS protection.
    Automatically Block Network Intruders
    A client to block network intrusion attacks automatically for a set period of time. Select Until removed to block an attack until it is removed or for (minutes) to block an attack for a set number of minutes.
    Retain Blocked Hosts
    A client to retain blocked hosts.
    Enable Adaptive Mode
    A client to generate client rules automatically.
    Automatically add high-risk applications to the Application Protection list
    A client to add applications that are open to code injections, and thus high-risk, automatically to the list of protected applications.
    Retain Client Rules
    A client to retain the client rules it created.

  6. Click Apply, and then click Close.
  7. Click Apply on the IPS Options category line.
  8.  

    Policies can be deleted only in the ePolicy Orchestrator Policy Catalog page and only by global administrators.

Copyright © 2006 McAfee, Inc. All Rights Reserved.