Information about Host IPS signature content updates
Technical Articles ID:
KB53092
Last Modified: 11/5/2020
Last Modified: 11/5/2020
Information about Host IPS signature content updates
Technical Articles ID:
KB53092
Last Modified: 11/5/2020 EnvironmentMcAfee ePolicy Orchestrator (ePO) 5.x
McAfee Host Intrusion Prevention (Host IPS) 8.0 SummaryHost IPS signature content updates for Windows agents are updated on the second Tuesday of every month, usually by 8:00 p.m. PST. These updates are done in correspondence with monthly Microsoft Windows Security Updates (Microsoft
McAfee Labs Security Content Release Notes are viewable online at the following location: http://www.mcafee.com/us/content-release-notes/index.aspx Host IPS Signature Content release notes are viewable online at the following location: https://www.mcafee.com/enterprise/en-us/release-notes/exploit-prevention.html If there is an identified issue related to a new content update, a remediation (or rollback) signature set gets available. The remediation version restores the previous signature content version. It also increments the signature version number within the ePO repository. The increment of the signature version number is required because currently there is no rollback option for Host IPS agent signature updates.
If you require the current content remediation version, contact Technical Support.
To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
Related InformationHost IPS protection updates:
Host IPS supports multiple versions of client content and code, with the latest available content displaying in the ePO console. New content is always supported in subsequent versions, so content updates contain mostly new information or minor changes to existing information. A content update package handles the updates. This package contains content version information and updating scripts. Upon check-in, the package version is compared to the version of the most recent content information in the database. If the package is newer, the scripts from this package are extracted and executed. This new content information is then passed to clients at the next agent-server communication. Updates include data associated with the IPS Rules policy (IPS signatures and application protection rules) and the Trusted Applications policy (trusted applications). Because these updates occur in the McAfee Default policy, the policies must be assigned for both IPS Rules and Trusted Applications to take advantage of the updated protection. The basic process includes checking in the update package to the ePO Master Repository, then sending the updated information to the clients. Clients obtain updates only through communication with the ePO server and not directly through FTP or HTTP protocols. NOTE: Always assign the McAfee Default IPS Rules policy and McAfee Default Trusted Applications policy to benefit from any content updates. If you modify these default policies, the change is not overwritten with an update because modified settings in these policies take precedence over default settings. Checking in update packages You can create an ePO pull task that automatically checks in content update packages to the Master Repository. This task downloads the content update package directly from McAfee at the indicated frequency and adds it to the Master Repository, updating the database with new Host IPS content.
Affected ProductsLanguages: |
|