Title

(U//FOUO) The HIPS policy for High Severity is set correctly. (Cat I impact)

Discussion

Check Content

(U//FOUO) This check needs to be completed for every active policy that controls ePO agents. From the ePO server console, select the asset to be checked, then select ‘Policies,’ followed by ‘Host Intrusion Prevention 7:IPS’ from the product list. From the ‘IPS Protection’ category, select the applicable policy. From the Reaction Based on Signature Protection Level section, ensure that for the Severity level of ‘High,’ the reaction is set to ‘Prevent.’ If it is not set to ‘Prevent,’ this is a finding.

Fix Text

(U//FOUO) From the ePO server console, select the applicable policy to be checked for HIPS for the ePO server. Select IPS Protection. From the IPS Protection tab, ensure that for the Severity level of “High” the reaction is set to “Prevent”.

Additional Identifiers

Rule ID: SV-15165r1_rule

Vulnerability ID: V-14547

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.