McAfee HIPS Adaptive Mode

  • Only use Adaptive Mode temporarily on a small number of systems to aid in firewall rules or IPS exception tuning. Choose a representative system or small group of systems (3-5 at most) that represent the functional business units you are creating rules for.
    NOTE: This mode can create a large number of client rules on endpoint systems, and can cause significant overhead for the ePO server while processing excessive firewall client adaptive rules.


How to write custom rules in McAfee HIPS (RDP, etc.)

Create a custom McAfee HIPS rule in ePolicy Orchestrator.

Scenario: RDP connect and Internet allow; Facebookviever and yadro web site block; all other applications block.

Menu > Policy Catalog > Host Intrusion Prevention 8.0: Firewall > Firewall Rules (Windows, Mac, Linux) > Test policy >


How to write a custom rule in McAfee HIPS

To create a custom rule that prevents file operations (Create, Write, Execute, Read, etc.):

Name: <insert name>
Rule type: Files
Operations: Create, Execute, Read, Write
Parameters: path/file name
Note: The file name must include a path. To wildcard the path, begin the file name with **\; to wildcard only the drive letter, begin it with ?:\ (for example: **\filename.exe or ?:\filename.exe).
You cannot use MD5 hashes with the “Files” parameter; it accepts a path/file name only.
Drive type can also be used to limit the path to a specific drive type (for example, hard drive, CD-ROM, USB, network, floppy).
Executables: Can be left blank, unless you want to limit the signature to specific processes that perform the file operation (for example, explorer.exe, cmd.exe, etc.).
