Using Adaptive mode to create client rules automatically

Place systems in Adaptive mode so that Firewall can create client rules automatically without user interaction.

Tip: Best practice: Enable Adaptive mode temporarily on a few systems only while tuning Firewall. Enabling this mode might generate many client rules, which the McAfee ePO server must process, negatively affecting performance.

Adaptive mode analyzes events first for the most malicious attacks. If the activity is considered regular and needed for business, Firewall creates client rules. By enabling Adaptive mode on representative clients, you can create a tuning configuration. You can then convert client rules to server-mandated policies. When tuning is complete, turn off Adaptive mode to tighten the system’s protection.

Run client systems in Adaptive mode for at least a week. In this time, client systems encounter all normal activity, including scheduled activity, such as backups or script processing. As activity occurs, Firewall generates events and creates rules.