Title

(U//FOUO) The Host Intrusion Prevention System (HIPS) Firewall must be set for regular protection. (Cat II impact)

Discussion

A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured.

Check Content

(U//FOUO) This check needs to be completed for every active policy that controls McAfee Agents. From the ePO server console, select the asset to be checked, then select "Assigned Policies", followed by the correct version of HIPS from the dropdown product list (e.g., Host Intrusion Prevention 8: Firewall). From the "Firewall Options" category, select the applicable policy. From the "Firewall status" section, verify the "Regular protection" option is selected. If the "Regular Protection" option is not selected, this is a finding.

Fix Text

(U//FOUO) From the ePO server console, select the asset to be checked, then select "Assigned Policies", followed by the correct version of HIPS from the dropdown product list (e.g., Host Intrusion Prevention 8: Firewall). From the "Firewall Options" category, select the applicable policy. From the "Firewall status" section, select the "Regular protection" option.

Additional Identifiers

Rule ID: SV-60349r1_rule

Vulnerability ID: V-14561

Group Title: H36920

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.