Clientcontrol.exe utility
C
client rules
creating, with adaptive and learn modes10
creating exceptions32
Firewall64, 71
Host IPS queries13
IPS36
IPS Rules policy, overview50
Client UI policy
about8
configuring74
define74
General tab, configuring75
options83
overview73
passwords75
tray icon control, configuring75
troubleshooting76
ClientControl utility
command-line syntax144
function and setup144
stopping services144
using to troubleshoot144
clients
analyzing data on Host IPS clients19
Linux (See Linux client)97
naming conventions for Host IPS19
queries for groups of13
Solaris (See Solaris client)94
tuning Host IPS19
updating with task or agent wake-up call28
Windows (See Windows client)81
working with, in Host IPS19
command-line options
ClientControl.exe, upgrade automation84
Solaris client, restarting96
stopping and restarting Linux client99
stopping the Solaris client96
verifying Linux client is running99
verifying Solaris client is running96
compliance
configuring Host IPS dashboards to view17
custom signatures
common sections102
directives valid on Windows123
directives valid on Linux134
directives valid on Solaris134
Linux127
Linux, UNIX_file (Files)127
Linux, UNIX_misc131
optional sections104
overview for Linux and Solaris127
overview for Windows107
rule structure101
section value variables104
Solaris127
Solaris, UNIX_apache (HTTP)130
Solaris, UNIX_bo132
Solaris, UNIX_file (Files)127
Solaris, UNIX_GUID133
Solaris, UNIX_map133
Solaris, UNIX_misc131
wildcards104
Windows, Buffer Overflow107
Windows, directives per platform123
Windows, Files108
Windows, Hook111
Windows, Illegal113
Windows, Illegal API Use112
Windows, Isapi113
Windows, Program116
Windows, Registry117
Windows, Services120
Windows, SQL122
D
dashboards
default Host IPS monitors12
managing information in Host IPS12
queries and Host Intrusion Prevention10
viewing compliance and Host IPS issues17
deployment
Host IPS policies and10
initial Host IPS client rollout19
server tasks for Host IPS23
usage profiles in Host IPS10
DNS blocking rules
creating and editing70
E
effective policy
with multiple-instance policies38
enveloping and shielding30
events, Host IPS
analyzing and tuning10
automatic responses26
behavioral rules32
exceptions32
firewall, activity logs93
intrusion alerts, responding to86
IPS Rules policy36
logging and IPS Events tab33
managing48
signature violations33
working with47
exception rules
about32
aggregation and client rules50
automatic tuning20
configuring IPS Rules policy46
Create Exception86
creating47
creating, based on an event47
defined10
editing IPS policies89
events and47
IPS Rules policy36, 46
list, Windows client and88
working with46
F
false positives
exceptions and IPS Rules policy46
Trusted Applications policy, reducing78
tuning Host IPS policies10
FAQ
adaptive mode21
multiple-instance policies38
filters
Host IPS events and queries10
how firewall stateful filtering works60
querying Host IPS activities13
Firewall DNS Blocking policy
about8
define67
overview52
Firewall Options policy
TrustedSource66
about8
configuring65
overview52
working with64
Firewall policies, Host IPS
feature overview52
firewall protection
disable64
enable64
firewall rules
creating and editing69
Firewall Rules policy
wildcards72
about8
client rules, managing71
configuring68
define67
groups, creating69
overview52
firewall, Host IPS
about8
actions, allow and block60
alerts87
client rules13, 64
customizing options90
DNS blocking rules70
Firewall Options, configuring65
firewall rule groups, creating69
firewall rules10, 67, 69
firewall rules list, ordering53
Firewall Rules, configuring68
how firewall rules work53
learn and adaptive modes63
list of rules68, 89, 90
location-aware groups70
overview52
permissions for23
queries13
rule groups55
rule groups, location-aware55
rules, allow and block53
state table60
stateful filtering, how it works60
stateful packet filtering59
stateful packet inspection59, 61
stateful protocol tracking62
G
General policies, Host IPS
feature overview73
permissions for23
Trusted Applications policy page79
global administrators
assigning permission sets23
groups, Host IPS
and inheritance9
assigning policies to9
configuration criteria10
deleting policies and inheritance for16
firewall location-aware, creating70
how policies are applied9
H
host intrusion prevention signatures31
Host IPS
activities and dashboards12
basic and advanced protection7
features and categories9
how it works7
how to set and tune protection18
Intrusion Information tab86
permission sets23
policies and their categories9
responding to alerts86
types of policies8
Host IPS Catalog
adding to70
contents58
dependencies58
editing70
explanation58
exporting from70
exporting to70
filtering70
using70
Host IPS Property Translator task25
I
information management
analyzing Host IPS client data19
dashboards and queries for Host IPS12
predefined and custom queries for Host IPS13
intrusion prevention (IPS)
adaptive mode and exceptions32
behavioral rules32
client rules13
client rules, overview50
customizing options88
delivery methods30
editing exception rules89
engines and drivers30
enveloping and shielding30
exceptions32
Firewall logging options85
HIPS, about31
IPS Protection policy35
logging options85
NIPS, about31
overview29
reactions32
signatures, defined31
system call interception30
IP address
configuring trusted networks78
firewall rules and89
location-aware groups55
monitoring blocked hosts91
rule groups55
stateful firewall, IPv4 vs. IPv660
IPS events
about33
exceptions, creating47
managing48
overview47
trusted applications, creating47
working with47
IPS Options policy
about8
adaptive mode33
configuring34
overview29
preset policies34
working with33
IPS protection
disable33
enable33
IPS Protection policy
about8
configuring36
overview29
reactions, setting36
severity levels, setting35
working with35
IPS Rules policy
wildcards42
about8
application protection rules33, 43, 45
application protection rules, configuring37
configuring37, 45
define36
events, working with47
exception rules46
exceptions, configuring37
logging events33
managing exceptions46
overview29
signatures, configuring37
signatures, working with39
IPS, Host IPS
L
language, Host IPS
setting options for clients83
learn mode
about10
Firewall Options policies64
firewall rules63
Firewall Rules policies67
placing Host IPS clients in20
Linux client97, 98, 99
considerations97
overview97
policy enforcement97
stopping and restarting99
troubleshooting98, 99
verifying installation files99
location-aware groups
connection isolation56
creating70
log files, Host IPS
Client UI troubleshooting76
firewall activity85
IPS activity85
Linux client, installation history99
Solaris client, installation history96
troubleshooting95, 98
logs
enabling141
FireSvc.log141
for firewall functionality141
for IPS functionality141
HipShield.log141
using for troubleshooting141
M
McAfee Default policy
Client UI74
DNS Blocking67
Firewall Options64
Firewall Rules67
Host IPS9
IPS Options33
IPS Protection35
IPS Rules36
Trusted Applications78
Trusted Networks77
McAfee recommendations
contact McAfee support to disable HIPS engine85
group Host IPS clients logically19
group systems by Host IPS criteria10
phased Host IPS deployment19
tune Host IPS default policies17
use IPS Protection to stagger impact of events10
migration
policies22
policy version 7 to 8, 22
monitored processes, viewing92
multiple-instance policies
effective policy38
FAQ38
use in deployment38
assigning37, 80
My Default policy
Client UI74
DNS Blocking67
Firewall Options64
Firewall Rules67
Host IPS9
IPS Options33
IPS Protection35
IPS Rules36
Trusted Applications78
Trusted Networks77
N
network adapters
conditions to allow connection55
network intrusion prevention signatures31
NIPS (network intrusion prevention signatures)91
P