The Host IPS Firewall is stateful and offers location awareness and other advanced features, including IP Reputation filtering, part of McAfee’s Global Threat Intelligence (GTI). The firewall uses GTI to protect endpoints from botnets, distributed denial-of-service (DDoS) attacks, advanced persistent threats, and risky web connections.
McAfee collects data from billions of IP addresses and network ports, and calculates a reputation score based on network traffic, including port, destination, protocol, and inbound and outbound connection requests. The score reflects the likelihood that a network connection poses a threat, such as a connection associated with botnet control.
Coupling a single firewall rule with a GTI-only policy lets you immediately receive the benefit of cloud intelligence on known botnets and their command and control centers. This is achieved with little effort, minimal overhead, and no interference with your existing host or network firewall rules.
While coupling desktop firewall with GTI can give you additional benefits it is not a requirement for the firewall.
Follow these steps to assign a policy that simply enables the firewall and sets the sensitivity level for GTI at Medium risk or higher. At this point, no firewall ruleset is active or assigned. Enabling the Firewall and setting GTI to medium risk or higher.
Perhaps you have shied away from Host IPS, feeling that it would be a complex or lengthy process to deploy, or had concern about blocking legitimate processes. By following a logical, systematic approach, you can quickly realize the benefits of deploying Host IPS in your environment. While the policies applied here are sufficient for initial testing, prior to full production deployment you are strongly encouraged to read over the deployment methodology discussed in detail in the: Host IPS 8.0 Installation Guide, pp. 11-26.