Knowledge Center

Host Intrusion Prevention Trusted Applications defined
Technical Articles ID:   KB71704
Last Modified:  4/6/2017


McAfee Host Intrusion Prevention (Host IPS) 8.0, 7.0
McAfee Host Intrusion Prevention 7.1 for Linux


Trusted Applications (All platforms) lists applications that are trusted to perform most operations. It is used with the IPS and Firewall features in Host IPS software.
This policy is also a multiple instance policy, which allows for several Trusted Applications policies (instead of a single policy) to be assigned to a system. The effective policy is the result of the merged contents of the policies. If there are conflicting settings, the most protective setting is applied.


The McAfee Default policies for Trusted Applications are automatically updated as part of the content update process. McAfee recommends that you always assign the McAfee Default Trusted Application policy to all clients and create an additional policy instance to customize the behavior of the Trusted Applications policies.


If the Trusted for Firewall option is selected, the Host IPS Client creates a firewall rule at the top of the Firewall Rules policy that allows all outgoing IP Protocols for the process(es) associated with the Trusted Application. This is relevant only if Firewall is enabled.

If the Trusted for IPS option is selected, the Host IPS Client ignores Host IPS signatures when the associated process(es) are from the Trusted Application. This is relevant only if Host IPS is enabled.


NOTE: The following signatures will be triggered whether or not an application is Trusted for IPS:

  • 428
  • 432
  • 801
  • 992
  • 1000
  • 1001
  • 1002
  • 1020
  • 1134
  • 1137
  • 6010
  • 6011
  • 6012
  • 6013
  • 6014
  • 6015
These signatures trigger only on process(es) included in the Host IPS Application Protection list.

Rate this document

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.