Title

(U//FOUO) The HIPS policy includes the signature for protection of HIPS preferences. (Cat II impact)

Discussion

Check Content

(U//FOUO) This check needs to be completed for every active policy that controls ePO agents. For HIPS 6: From the ePO server console, select the applicable policy to be checked for HIPS. Select ‘IPS Rules.’ From the ‘IPS Rules,’ select the ‘Signatures’ tab. Ensure the signature named ‘Protect HIPs’ is present. Verify the following properties also are present on the signature: The severity must be set to ‘high,’ the log status must be set to ‘enabled,’ and the ‘Allow client rules’ must be set to ‘disabled.’ If the signature is not present or any of the properties are set incorrectly, this is a finding. For HIPS 7: This check does not apply.

Fix Text

(U//FOUO) From the ePO server console, select the applicable policy to be checked for HIPS. Select IPS Rules. From the IPS Rules, select the Signatures tab. Ensure the Signature named “Protect HIPs” is present. Verify the following properties also are present on the signature: Set the Severity to high. Set the Log status to enabled. Set the Allow Client Rules to disabled.

Additional Identifiers

Rule ID: SV-15175r1_rule

Vulnerability ID: V-14557

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.