Setup guide
McAfee ePO
Advanced Suite Installer Product Guide 
Perhaps you have shied away from Host IPS, feeling that it would be a complex or lengthy process to 
deploy, or had concerns about blocking legitimate processes. By following a logical, systematic approach, 
you can quickly realize the benefits of deploying Host IPS in your environment. While the policies applied 
here are sufficient for initial testing, prior to full production deployment you are strongly encouraged to 
read over the deployment methodology discussed in detail in the Host IPS 8.0 Installation Guide, pp. 11-26.
Kernel Level Host IPS 
For the initial stages of this evaluation, you will assign a policy that instructs Host IPS to block High 
severity events. This is essential if you plan to use attack tools to test the product’s effectiveness. The 
policy also logs Medium and Low severity events. Apart from a log-only policy, this is a common first 
implementation in live environments. 
Enabling Host IPS  
Follow these steps to assign a policy that enables Host IPS on your client systems.  
1 Click the System Tree button on the favorites bar. 
2 Highlight the Workstations group. 
3 Click the Assigned Policies tab. 
• From the Product drop-down menu, select Host Intrusion Prevention 8.0: IPS. 
• On the line that lists IPS Options, click Edit Assignment. 
• For Inherit from, select Break inheritance and assign the policy and settings below. 
• From the Assigned Policy drop-down menu, select EASI – HIPS Enabled. 
• Click Save. The policy is now assigned to that group and all its subgroups. 
4 Repeat the above steps for your Laptops group. 
Setting Protection Level 
Follow these steps to assign a policy that blocks High severity events and logs Medium and Low severity 
events. Logging gives detailed advance knowledge of which signatures may require exclusions before you 
enforce blocking on Medium events, which guides accurate policy tuning. You can later elevate selected 
Low severity signatures to Medium if desired, instead of keeping all Low severity signatures active. 
1 Click the System Tree button on the favorites bar. 
2 Highlight the Workstations group. 
3 Click the Assigned Policies tab. 
• From the Product drop-down menu, select Host Intrusion Prevention 8.0: IPS. 
• On the line that lists IPS Protection, click Edit Assignment. 
• For Inherit from, select Break inheritance and assign the policy and settings below. 
• From the Assigned Policy drop-down menu, select EASI - Block High Events. 
• Click Save. The policy is now assigned to that group and all its subgroups. 
4 Repeat the above steps for your Laptops group. 
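The tuning step described in this section, sketched as an added example (not part of the McAfee guide or product): it applies the block-High, log-Medium-and-Low policy to constructed events and lists which logged Medium signatures should be reviewed for exclusions before Medium is switched to block. The event fields, signature IDs, process names and the "seen on several systems" threshold are assumptions for illustration, not the ePO event schema.

```python
from collections import defaultdict

# Constructed sample events. Field names, signature IDs and process names
# are hypothetical and do not reflect the ePO event schema.
EVENTS = [
    {"host": "ws-01", "sig": 9001, "severity": "High", "process": "unknown.exe"},
    {"host": "ws-01", "sig": 9102, "severity": "Medium", "process": "backup_agent.exe"},
    {"host": "ws-02", "sig": 9102, "severity": "Medium", "process": "backup_agent.exe"},
    {"host": "lt-07", "sig": 9102, "severity": "Medium", "process": "backup_agent.exe"},
    {"host": "ws-02", "sig": 9150, "severity": "Medium", "process": "dropper.exe"},
    {"host": "lt-07", "sig": 9230, "severity": "Low", "process": "updater.exe"},
]

# Reaction per severity under the evaluation policy assigned in this section.
CURRENT_POLICY = {"High": "block", "Medium": "log", "Low": "log"}


def reaction(event, policy=CURRENT_POLICY):
    """Return the reaction the policy applies to one event."""
    return policy[event["severity"]]


def medium_block_preview(events, min_hosts=3):
    """Group logged Medium events by (signature, process).

    A pair seen on at least min_hosts systems is flagged for exclusion
    review (assumed heuristic: the same process triggering the same
    signature on many systems is worth checking as legitimate software).
    Rows are sorted by host count, widest first.
    """
    hosts = defaultdict(set)
    for e in events:
        if e["severity"] == "Medium" and reaction(e) == "log":
            hosts[(e["sig"], e["process"])].add(e["host"])
    rows = [
        {"sig": sig, "process": proc, "hosts": sorted(seen),
         "review_for_exclusion": len(seen) >= min_hosts}
        for (sig, proc), seen in hosts.items()
    ]
    return sorted(rows, key=lambda r: (-len(r["hosts"]), r["sig"]))


if __name__ == "__main__":
    for row in medium_block_preview(EVENTS):
        print(row)
```

Flagged pairs still need manual review; a widespread trigger can also be a widespread problem.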
Assigning IPS Rules 
As virtual systems are often used for evaluations, assigning this policy facilitates testing by changing 
VMware protection signatures to a severity of Low. The McAfee Default policy maintains these 
signatures at their normal severity levels and should be considered before staging in a live environment. 
1 Click the System Tree button on the favorites bar. 
2 Highlight the Workstations group. 
3 Click the Assigned Policies tab. 
• From the Product drop-down menu, select Host Intrusion Prevention 8.0: IPS. 










