IPS Events

An IPS event is triggered when a security violation, as defined by a signature, is detected. For example, Host Intrusion Prevention compares the start of any application against a signature for that operation, which may represent an attack. If a match occurs, an event is generated. If no match occurs, perhaps because an exception to the signature applies or because the application has been designated as trusted, no event is generated.

When Host Intrusion Prevention recognizes an IPS event, it flags it on the IPS Events tab with one of four severity levels: High, Medium, Low, or Information.

When two events are triggered by the same operation, the highest reaction is taken.

From the list of events generated, you can determine which events are allowable and which indicate suspicious behavior. To allow events, configure the system with the following:

This fine-tuning process keeps the events that do appear to a minimum, providing more time for analysis of the serious events that occur.

Copyright © 2006 McAfee, Inc. All Rights Reserved.