List of Host Intrusion Prevention 8.0 event IDs
Technical Articles ID: KB65559
Last Modified: 7/1/2019


Environment

McAfee ePolicy Orchestrator (ePO) 5.x
McAfee Host Intrusion Prevention (Host IPS) 8.0

Summary

Every Host IPS client event sent to ePO has one of the following ePO event ID types:
 
| Event ID | Description | Priority Scoring |
|---|---|---|
| 18000 | Host intrusion detected and handled | Depends on the triggered signature's assigned severity: Disabled -> No event; Info -> Informational; Low -> Warning; Medium -> Minor; High -> Major |
| 18001 | Network intrusion detected and handled | Major |
| 18002 | Application blocked | <no ePO events> |
| 18003 | Failed Quarantine check (Trusted Source Block) | Informational |
| 18006 | Timed Group Enabled / Expired (see the second bullet in the following Notes) | Informational |
| 18007 | Policy Load Status | Policy corrupted -> Critical; Corruption Cleared -> Informational |
| 18999 | The IPS Event table is full. Further events are ignored until events are archived. | <Not generated by HIP Client> |

NOTES:
  • Firewall blocking events are not sent back to ePO, because they would consume excessive bandwidth.
  • New functionality was introduced in Host IPS 8.0 Patch 4. For more information, see "Reporting for timed groups usage" in the Host IPS 8.0 Patch 4 Release Notes (PD25043). This functionality is related to Network IPS Signature 6025 - Timed Group Enabled / Expired.  
