Knowledge Center

List of Host Intrusion Prevention 8.0 event IDs
Technical Articles ID:   KB65559
Last Modified:  7/1/2019


McAfee ePolicy Orchestrator (ePO) 5.x
McAfee Host Intrusion Prevention (Host IPS) 8.0


Every Host IPS client event sent to ePO has one of the following ePO event ID types:
Event ID Description Priority Scoring 
18000 Host intrusion detected and handled     Depends on the triggered signature's assigned severity:
  •     Disabled -> No event
  •     Info -> Informational
  •     Low -> Warning
  •     Medium -> Minor
  •     High -> Major
18001 Network intrusion detected and handled
  • Major
18002 Application blocked <no ePO events>
18003 Failed Quarantine check (Trusted Source Block) 
  • Informational
18006 Timed Group Enabled / Expired (see the second bullet in the following Notes)
  • Informational
18007 Policy Load Status
  • Policy corrupted -> Critical
  • Corruption Cleared -> Informational
18999 The IPS Event table is full. Further events are ignored until events are archived. <Not generated by HIP Client>
  • There are no firewall blocking events sent back to ePO because of excessive bandwidth.
  • New functionality was introduced in Host IPS 8.0 Patch 4. For more information, see "Reporting for timed groups usage" in the Host IPS 8.0 Patch 4 Release Notes (PD25043). This functionality is related to Network IPS Signature 6025 - Timed Group Enabled / Expired.  

Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.