Behavioral rules

Behavioral rules define a profile of legitimate activity. Activity that does not match the profile triggers an event. For example, you can set a rule stating that only a web server process should access web files. If another process attempts to access a web file, this behavioral rule triggers an event.
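
The web-file rule described above, sketched as an added example; it is not Host Intrusion Prevention rule syntax or product code. The rule fields, executable paths and access events are constructed assumptions, chosen to show two edge cases: matching the process by full executable path, and normalizing file paths before comparing them.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessEvent:
    exe: str   # full path of the executable making the access
    path: str  # file being accessed
    op: str    # "read" or "write"

@dataclass(frozen=True)
class BehavioralRule:
    name: str
    protected_root: str      # directory tree the profile covers
    allowed_exes: frozenset  # executables whose access is legitimate

    def _covers(self, path: str) -> bool:
        # Normalize first so "/var/www/../www/x" and "/var/www/x" compare equal,
        # then match on a directory boundary so "/var/www-old" is not covered.
        root = posixpath.normpath(self.protected_root)
        target = posixpath.normpath(path)
        return target == root or target.startswith(root + "/")

    def violates(self, ev: AccessEvent) -> bool:
        # Match on the full executable path, not the process name:
        # "/tmp/httpd" must not inherit the web server's profile.
        return self._covers(ev.path) and posixpath.normpath(ev.exe) not in self.allowed_exes

def evaluate(rule, events):
    """Return the events that fall outside the rule's profile."""
    return [ev for ev in events if rule.violates(ev)]

# Constructed rule and events (hypothetical paths, not from the product).
WEB_RULE = BehavioralRule(
    name="web-files-only-by-web-server",
    protected_root="/var/www",
    allowed_exes=frozenset({"/usr/sbin/httpd"}),
)
SAMPLE_EVENTS = [
    AccessEvent("/usr/sbin/httpd", "/var/www/index.html", "read"),       # in profile
    AccessEvent("/usr/bin/perl", "/var/www/index.html", "write"),        # out of profile
    AccessEvent("/tmp/httpd", "/var/www/app/config.php", "read"),        # same name, wrong path
    AccessEvent("/usr/bin/perl", "/var/www/../www/index.html", "read"),  # unnormalized path
    AccessEvent("/usr/bin/perl", "/var/www-old/index.html", "read"),     # outside protected tree
    AccessEvent("/usr/bin/vi", "/etc/hosts", "read"),                    # outside protected tree
]

if __name__ == "__main__":
    for ev in evaluate(WEB_RULE, SAMPLE_EVENTS):
        print(f"EVENT {WEB_RULE.name}: {ev.exe} {ev.op} {ev.path}")
```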

Host Intrusion Prevention combines the use of signature rules and hard-wired behavioral rules. This hybrid method of identifying attacks detects most known attacks as well as previously unknown or zero-day attacks.

Copyright © 2006 McAfee, Inc. All Rights Reserved.