Intel Security

McAfee Desktop Firewall Trial Installation & Walkthrough

The Host IPS Firewall is stateful and offers location awareness and other advanced features, including IP Reputation filtering, part of McAfee’s Global Threat Intelligence (GTI). The firewall uses GTI to protect endpoints from botnets, distributed denial-of-service (DDoS) attacks, advanced persistent threats, and risky web connections.

McAfee collects data from billions of IP addresses and network ports, and calculates a reputation score based on network traffic, including port, destination, protocol, and inbound and outbound connection requests. The score reflects the likelihood that a network connection poses a threat, such as a connection associated with botnet control.

Coupling a single firewall rule with a GTI-only policy lets you immediately receive the benefit of cloud intelligence on known botnets and their command and control centers. This is achieved with little effort, minimal overhead, and no interference with your existing host or network firewall rules.

Data Sheet Installation Guide

Trial Installation Requirements

While coupling desktop firewall with GTI can give you additional benefits it is not a requirement for the firewall.

Use Case

Follow these steps to assign a policy that simply enables the firewall and sets the sensitivity level for GTI at Medium risk or higher. At this point, no firewall ruleset is active or assigned. Enabling the Firewall and setting GTI to medium risk or higher.

  1. Click the System Tree button on the favorites bar.
  2. Highlight the Workstations group.
  3. Click the Assigned Policies tab.
    • From the Product drop-down menu, select Host Intrusion Prevention 8.0: Firewall.
    • On the line that lists Firewall Options, click Edit Assignment.
    • For Inherit from, select Break inheritance and assign the policy and settings below.
    • From the Assigned Policy drop-down menu, select POC – Enable FW and GTI.
    • Click Save. The policy is now assigned to that group and all its subgroups.
  4. Repeat the above steps for your Laptops group.

Perhaps you have shied away from Host IPS, feeling that it would be a complex or lengthy process to deploy, or had concern about blocking legitimate processes. By following a logical, systematic approach, you can quickly realize the benefits of deploying Host IPS in your environment. While the policies applied here are sufficient for initial testing, prior to full production deployment you are strongly encouraged to read over the deployment methodology discussed in detail in the: Host IPS 8.0 Installation Guide, pp. 11-26.