- Only use Adaptive Mode temporarily on a small number of systems to aid in firewall rules or IPS exception tuning. Choose a representative system or small group of systems (3-5 at most) that represent the functional business units you are creating rules for.
NOTE: This mode can create a large number of client rules on endpoint systems, and can cause significant overhead for the ePO server while processing excessive firewall client adaptive rules.
Click on the McAfee Tray icon, Manage Features, Host Intrusion Prevention.
In ePolicy Orchestrator, create a custom McAfee HIPS rule.
Scenario: RDP connect, Internet allow Facebookviever, yadro web site block, and another rule, All Application Block.
Menu > Policy Catalog > Host Intrusion Prevention 8.0: Firewall > Firewall Rules (Windows, Mac, Linux) > Test policy
To create a custom rule that prevents file operations (Create, Write, Execute, Read, etc.):
Name: <insert name>
Rule type: Files
Operations: Create, Execute, Read, Write
Parameters: path/file name
Note: The file name must include a path. To wildcard the path, begin the file name with **\; to wildcard the drive letter, begin it with ?:\ (for example: **\filename.exe or ?:\filename.exe).
You cannot use MD5 hashes with the “Files” parameter: path/filename only.
Drive type can also be used to limit the path to a specific drive type (for example, hard drive, CD-ROM, USB, network, floppy).
Executables: Can be left blank, unless you want to limit the signature to specific processes that perform the file operation (for example, explorer.exe, cmd.exe, etc.).
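A pre-deployment check for the "Files" parameter described in the note above, as an added example that is not part of the original page or of McAfee's tooling. It rejects values with no path or that look like an MD5 hash, and previews which paths a pattern would cover. The wildcard semantics (** crosses backslashes, * stays inside one path component, ? is one character), the function names and the sample paths are assumptions made for illustration.

```python
import re

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def validate_files_param(value):
    """Return a list of problems with a 'Files' parameter value (empty if OK)."""
    problems = []
    if MD5_RE.match(value):
        problems.append("looks like an MD5 hash; Files takes path/file name only")
    elif "\\" not in value:
        problems.append("no path component; prefix with **\\ or ?:\\")
    return problems

def to_regex(pattern):
    """Translate a rule path pattern to a regex (assumed wildcard semantics)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")            # any characters, including backslashes
            i += 2
        elif pattern[i] == "*":
            out.append(r"[^\\/]*")      # any characters within one path component
            i += 1
        elif pattern[i] == "?":
            out.append(r"[^\\/]")       # exactly one character (e.g. a drive letter)
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    # Windows paths are case-insensitive, so match without regard to case.
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)

def covered(pattern, paths):
    """Return the paths from the list that the pattern would cover."""
    rx = to_regex(pattern)
    return [p for p in paths if rx.match(p)]

# Constructed sample paths, not taken from any real system.
SAMPLE_PATHS = [
    r"C:\Users\alice\Downloads\filename.exe",
    r"D:\filename.exe",
    r"C:\Windows\System32\cmd.exe",
    r"D:\tools\filename.exe",
]

if __name__ == "__main__":
    for pat in (r"**\filename.exe", r"?:\filename.exe", "filename.exe"):
        print(pat, "->", validate_files_param(pat) or covered(pat, SAMPLE_PATHS))
```

Running a candidate pattern against a file listing exported from the representative systems shows whether **\ is broader than intended before the rule reaches the policy.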