Product Guide Self Protection addendum Revision A McAfee Host Intrusion Prevention 8.0
COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel and McAfee logos, McAfee Active Protection, McAfee DeepSAFE, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, TrustedSource, VirusScan are trademarks of Intel Corporation or McAfee, Inc. in the US and/or other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum 2
Contents Preface 4 About this guide... 4 Audience... 4 Conventions... 4 Find product documentation... 5 1 Self Protection 6 1.0 Enable Self Protection... 6 1.1 Setting Client UI general options... 6 2.0 Overview of the Windows Client... 7 2.1 System tray icon menu... 7 2.2 Unlocking the Windows client interface... 7 2.3 About the Self Protection tab... 8
Self Protection About this guide Preface This release adds a new dedicated Self Protection mechanism, independent of the existing Self Protection signatures that are part of McAfee Host IPS. This new feature allows administrators to enable Self Protection even if McAfee Host IPS is disabled, or for those using the Firewall Only version of the product. About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who implement and enforce the company's security program. Conventions This guide uses the following typographical conventions and icons. Book title or Emphasis Bold User input, Path, or Code Hypertext Note: Tip: Important/Caution: Warning/Danger: Title of a book, chapter, or topic; introduction of a new term; emphasis. Text that is strongly emphasized. Commands and other text that the user types; the path of a folder or program; a code sample. A live link to a topic or to a website. Additional information, like an alternate method of accessing an option. Suggestions and recommendations. Valuable advice to protect your computer system, software installation, network, business, or data. Critical advice to prevent bodily harm when using a hardware product. McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum 4
Self Protection Find product documentation Find product documentation On the ServicePortal, you can find information about a released product, including product documentation, technical articles, and more. 1 Go to the ServicePortal at http://support.mcafee.com and click the Knowledge Center tab. 2 In the Knowledge Base pane under Content Source, click Product Documentation. 3 Select a product and version, then click Search to display a list of documents. 5 McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum
1 Self Protection Contents 1.0 Enable Self Protection 2.0 Overview of the Windows Client 1.0 Enable Self Protection The Client UI General Settings policy enables the Self Protection settings. 1.1 Setting Client UI general options Configure settings on the General Settings tab of the Client UI policy to set the Self Protection options for Windows clients only. 1. Click the General Settings tab of the Client UI policy and under Display options select the option to Enable Self Protection. NOTE: Users who need to temporarily turn off a Host Intrusion Prevention feature to access a legitimate but blocked application or network site, they can use the Host Intrusion Prevention tray icon menu to disable a feature without opening the client console. The disabled feature remains disabled until restored by the menu command or the next policy enforcement. Note the following: Disabling IPS disables both host IPS and network IPS protection. If the Client UI is unlocked, the menu commands have no effect. For this feature, select to display the icon, then on the Advanced Options tab, select Allow disabling of features from the tray icon and select any or all of the features to be disabled. 2.0 Overview of the Windows Client Direct client-side management of the Host Intrusion Prevention Windows client is available through a client console. To display it, use the McAfee tray icon menu, or run McAfeeFire.exe in C:\Program Files\McAfee\Host Intrusion Prevention. When the client console first appears, options are locked and you can only view current settings. For complete control of all settings in the console, unlock the interface with a password. For details on creating and using passwords, see Setting Client UI advanced options and passwords under Configuring General Policies in the McAfee Host Intrusion Prevention 8.0 Product Guide for epolicy Orchestrator 4.5. 6 McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum
Self Protection 2.0 Overview of the Windows Client 2.1 System tray icon menu When the McAfee icon appears in the system tray, it provides access to the Host IPS client console. Functionality differs depending on the version of the McAfee Agent that is installed on the client. Right-click the McAfee Agent icon in the system tray, then select Manage Features Host Intrusion Prevention to open the console. NOTE: Both the McAfee Agent and the Host IPS client must be set to display an icon for this access. If the McAfee Agent does not appear in the system tray, there is no access to Host IPS with a system tray icon, even though the client may be set to display a tray icon. Under Quick Settings, these Host Intrusion Prevention options are available if the Allow disabling of features from the tray icon option is selected in an applied Client UI policy: Table 12: McAfee Agent menu Quick Settings Click... Self Protection Host IPS Network IPS Firewall To do this... Toggle Self Protection on and off. Toggle Host IPS protection on and off. Toggle Network IPS protection on and off Toggle Firewall protection on and off. Also under Quick Settings, if the Enable timed group from McAfee tray icon menu option on the Schedule tab is selected for a firewall group in an applied Firewall Rules policy, these additional commands are available: Table 13: McAfee Agent menu with Enable timed group Click... To do this... Enable timed firewall groups Enable timed firewall groups for a set amount of time to allow non-network access to the Internet before rules restricting access are applied. Each time you select this command, you reset the time for the groups. View Host IPS Timed Firewall Groups Status View the names of the timed groups and the amount of time remaining for each group to be active. 2.2 Unlocking the Windows client interface An administrator remotely managing Host Intrusion Prevention using epolicy Orchestrator can password protect the interface to prevent accidental changes. Fixed passwords that do not expire and temporary time-based passwords, allow an administrator or user to temporarily unlock the interface and make changes. McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum 7
Self Protection 2.0 Overview of the Windows Client Before you begin Be sure that the Host IPS General: Client UI policy, which contains the password settings, has been applied to the client. This occurs at the scheduled policy update or by forcing an immediate policy update. The client does not recognize the password until the policy update takes place. 1 Obtain a password from the Host Intrusion Prevention administrator. NOTE: For details on creating a password, see Setting Client UI advanced options and passwords under Configuring General Policies in the McAfee Host Intrusion Prevention 8.0 Product Guide for epolicy Orchestrator 4.5. 2 Open the client console, and select Unlock User Interface. 3 In the Login dialog box, type the password and click OK. 2.3 About the Self Protection tab Use the Self Protection Policy tab to Enable or Disable the Self Protection feature. From this tab you can enable or disable functionality. Customizing Self Protection Policy options Options on the tab control settings are delivered by the server-side Self Protection policies after the client interface is unlocked. 1 In the Host IPS Client console, click the Self Protection tab. 2 Select or deselect an option as needed. Select... Self Protection To do this... Toggle Self Protection on and off. 8 McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum