Setup guide

McAfee ePO

Advanced Suite Installer Product Guide

Page 34 McAfee ePO

Advanced Suite Installer

On-Access General Policies

While the Default for GTI is Medium, the policy for High could be applied to those systems most likely to

encounter malware, such as laptops:

• EASI - Enable GTI for On-Access (High)

Host Intrusion Prevention 8.0: General

Client UI (Windows)

The Initial Testing policy below allows the local user to disable any FW & IPS functions. It would typically

be used during a testing phase. The Production policy removes end user control to prevent tampering in

the future.

• EASI – Initial Testing (pre-deployment)

• EASI – Production

Host Intrusion Prevention 8.0: Firewall

Firewall Options (Windows)

The following policy enables the Firewall and activates GTI protection:

• EASI – Enable FW and GTI

Firewall Rules (Windows)

This policy allows for immediate implementation of McAfee GTI without the need to set any other specific

firewall rules.

• EASI – GTI Only

Host Intrusion Prevention 8.0: IPS

IPS Options

When Host IPS is first installed the protection is not active. You must enable protection in the IPS

Options policy and apply the policy to the client.

This policy enables Host IPS, as well as Network IPS which detects and prevents known network-based

attacks arriving at the host system.

• EASI - HIPS and NIPS enabled

In addition to the policy above, this one adds Adaptive Mode functionality. To automate the creation of

exception rules, clients are placed in Adaptive mode. In this mode, client rules are created without

interaction from the user. After client exception rules are created, you need to carefully analyze them

and decide which to convert to server-mandated policies.

• EASI - HIPS and NIPS enabled (adaptive mode)

A subset of the above, this policy is used to activate Host IPS protection only.

• EASI - HIPS enabled