Check: H36940 - HIP 8 FW
HBSS HIP 8 Firewall: H36940 - HIP 8 FW (in versions v1 r14 through v1 r10)
Title
(U//FOUO) The Host Intrusion Prevention System (HIPS) Firewall must not be set to retain client rules. (Cat II impact)
Discussion
A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured.
Check Content
(U//FOUO) This check needs to be completed for every active policy that controls McAfee Agents. From the ePO server console, select the asset to be checked, then select "Assigned Policies", followed by the correct version of HIPS from the dropdown product list (e.g., Host Intrusion Prevention 8: Firewall). From the "Firewall Options" category, select the applicable policy. From the "Firewall client rules" section, verify the "Retain existing client rules when this policy is enforced" option is not checked. If the "Retain existing client rules when this policy is enforced" option is checked, this is a finding.
Fix Text
(U//FOUO) From the ePO server console, select the asset to be checked, then select "Assigned Policies", followed by the correct version of HIPS from the dropdown product list (e.g., Host Intrusion Prevention 8: Firewall). From the "Firewall Options" category, select the applicable policy. From the "Firewall client rules" section, uncheck the "Retain existing client rules when this policy is enforced" option.
Additional Identifiers
Rule ID: SV-60359r1_rule
Vulnerability ID: V-14562
Group Title: H36940
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.