Host IPS supports multiple versions of client content and code, with the latest available content displaying in the ePO console. New content is always supported in subsequent versions, so content updates contain mostly new information or minor changes to existing information.

A content update package handles the updates. This package contains content version information and updating scripts. Upon check-in, the package version is compared to the version of the most recent content information in the database. If the package is newer, the scripts from this package are extracted and executed. This new content information is then passed to clients at the next agent-server communication.

Updates include data associated with the IPS Rules policy (IPS signatures and application protection rules) and the Trusted Applications policy (trusted applications). Because these updates occur in the McAfee Default policy, the policies must be assigned for both IPS Rules and Trusted Applications to take advantage of the updated protection.

The basic process includes checking in the update package to the ePO Master Repository, then sending the updated information to the clients. Clients obtain updates only through communication with the ePO server and not directly through FTP or HTTP protocols.

NOTE: Always assign the McAfee Default IPS Rules policy and McAfee Default Trusted Applications policy to benefit from any content updates. If you modify these default policies, the change is not overwritten with an update because modified settings in these policies take precedence over default settings.
 
Checking in update packages
You can create an ePO pull task that automatically checks in content update packages to the Master Repository. This task downloads the content update package directly from McAfee at the indicated frequency and adds it to the Master Repository, updating the database with new Host IPS content.

1. Log on to the ePO console.
2. Click Menu, Software, Master Repository.
3. Click Actions, Schedule Pull.
4. Name the task, for example, HIP Content Updates, and then click Next.
5. Select each of the following, and then click Next:
   • Repository Pull as the Task type.
   • The source of the package (McAfeeHttp or McAfeeFtp).
   • The branch to receive the package (Current, Previous, Evaluation).
   • A selected package (Host Intrusion Prevention Content).
      
6. Schedule the task as needed, and then click Next.
7. Verify the information, and then click Save.