Title

(U//FOUO) The HIPS policy has enabled Host IPS. (Cat I impact)

Discussion

Check Content

(U//FOUO) This check needs to be completed for every active policy that controls ePO agents. From the ePO server console, select the asset to be checked, select ‘Policies,’ followed by ‘Host Intrusion Prevention 7:IPS’ from the product list. From the ‘IPS Options’ category, select the applicable policy. From the ‘IPS Options’ section, ensure the ‘Enable Host IPS’ is enabled. If the ‘Enable Host IPS’ is not checked, this is a finding. Also, From the 'IPS Status' section, verify the "Adaptive mode enabled" checkbox is not checked. If the "Adaptive mode enabled" checkbox is checked, this is a finding.

Fix Text

(U//FOUO) From the ePO server console, select the applicable policy to be checked for HIPS for the ePO server. Select IPS Options. From the IPS Options tab, ensure the 'Enable Host IPS' is enabled. Disable the attribute "Adaptive mode enabled".

Additional Identifiers

Rule ID: SV-15161r2_rule

Vulnerability ID: V-14543

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.