cancel
Showing results for 
Search instead for 
Did you mean: 

HIPS FW replacement with ENS firewall - contradiction Installation Guide on replacement

Jump to solution

Hi,

PD27564 (McAfee Endpoint Security 10.6.0 - Installation Guide) page 18 states:

"McAfee Endpoint Security Firewall replaces the Host Intrusion Prevention Firewall, and you can also migrate your existing firewall settings to the new firewall. Host Intrusion Prevention (without its firewall module) can run side by side with Endpoint Security Firewall."

and

"You are not required to upgrade to Endpoint Security Firewall or migrate your settings. You can continue to run the McAfee Host IPS Firewall after installing Endpoint Security Firewall. Whenever McAfee Host IPS Firewall is installed and enabled, Endpoint Security Firewall is disabled even if enabled in the policy settings."

The first statement seems to imply that when ENS firewall module is installed, it removes and replaces HIPS FW.  This seems to be backed up by the explicit statement that HIPS (without its FW module) can run side by side with ENS FW.

The second statement seems to imply that HIPS FW is *not* removed, as it advises that both are present on the system.

 

Ultimately - if I have HIPS installed (including FW module), and I install ENS Threat Prevention+Firewall, does this action a)uninstall HIPS FW module or b)leave the HIPS FW module on the system and disable ENS firewall?

 

Cheers,

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: HIPS FW replacement with ENS firewall - contradiction Installation Guide on replacement

Jump to solution

Hi @dmease27 .

PD27564 (McAfee Endpoint Security 10.6.0 - Installation Guide) page 34 states the Deployment task/Command line switch to remove HIPS from the system when ENS is installed.  Use this in the ENS Common package command line section of your McAfee Agent Deployment task to automatically uninstall HIPS during ENS installation.

 

/override"program_name" Overrides and removes the specified conflicting products:
• hips — McAfee Host Intrusion Prevention
Example:
/override"hips"
Removes McAfee Host Intrusion Prevention automatically during installation.

 

Also, the HIPS modules will take precedence over the ENS modules.  If you have both products installed, disable the HIPS modules if you want the ENS modules to be enabled.  If you want to switch back to HIPS, then just enable the HIPS modules again, and it will automatically disable the ENS modules.

HIPS IPS > ENS Exploit Prevention

HIPS Firewall > ENS Firewall

 

 

 

2 Replies
Highlighted
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: HIPS FW replacement with ENS firewall - contradiction Installation Guide on replacement

Jump to solution

You can have ENSFW and HIPS installed at the same time. It will only replace HIPS if  you use a specific parameter during the upgrade/ migration. You can however only have one firewall active - so either ENSFW or HIPS.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: HIPS FW replacement with ENS firewall - contradiction Installation Guide on replacement

Jump to solution

Hi @dmease27 .

PD27564 (McAfee Endpoint Security 10.6.0 - Installation Guide) page 34 states the Deployment task/Command line switch to remove HIPS from the system when ENS is installed.  Use this in the ENS Common package command line section of your McAfee Agent Deployment task to automatically uninstall HIPS during ENS installation.

 

/override"program_name" Overrides and removes the specified conflicting products:
• hips — McAfee Host Intrusion Prevention
Example:
/override"hips"
Removes McAfee Host Intrusion Prevention automatically during installation.

 

Also, the HIPS modules will take precedence over the ENS modules.  If you have both products installed, disable the HIPS modules if you want the ENS modules to be enabled.  If you want to switch back to HIPS, then just enable the HIPS modules again, and it will automatically disable the ENS modules.

HIPS IPS > ENS Exploit Prevention

HIPS Firewall > ENS Firewall

 

 

 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community