Host Intrusion Prevention 6.1 Product Guide Maintenance
The ePO database contains Host Intrusion Prevention security content data, such as
signatures, which is displayed in Host intrusion Prevention policies. Host Intrusion
Prevention supports multiple versions of client content and code, with the latest
available content appearing in the ePO console. New content is always supported in
subsequent versions, so content updates contain mostly new information or minor
modifications to existing information.
Updates are handled by a content update package. This package contains content
version information and updating scripts. Upon check-in, the package version is
compared to the version of the most recent content information in the database. If the
package is newer, the scripts from this package are extracted and executed. This new
content information is then passed to clients at the next agent-server communication.
The basic process includes checking in the update package to the ePO Repository, and
then sending the updated information to the clients.
Checking in the update package
You can create an ePO server task that automatically checks in content update
packages to the ePO Repository, or you can download an update package and check it
in manually.
To add update packages automatically:
1 Select the ePO server name in the ePO console tree, and click the
Scheduled Tasks
2 Click
Create task.
3 In the Configure New Task pane, type a name for the task, for example, HIP Content
4 From the
Task type list, select Repository Pull.
5 From the
Schedule type list, select a frequency.
6 Click
7 Select the source repository (
McAfeeHttp or McAfeeFtp) and any other available
8 Click
This task downloads the content update package directly from McAfee at the indicated
frequency and adds it to the Repository, updating the database with new Host Intrusion
Prevention content.
Host Intrusion Prevention content updates must be checked into the ePO Repository
for distribution to clients. Host Intrusion Prevention clients should obtain updates only
through communication with the ePO server, and not directly through FTP or HTTP