cancel
Showing results for 
Search instead for 
Did you mean: 
techchick69
Level 7

Allow executable to run for multiple clients

Good morning,

In need of some help here from you HIPS 8 guru's. 

I need to allow a Juniper SSL VPN client to run on multiple computers for multiple users (i.e. multiple users loggin in with different profiles).  I've created every exception under the sun to allow the junipersetupclient.exe to run within HIPS 8 Trusted Applications and within the Exceptions in the IPS.  I have the "trust for IPS and FW" option checked.

The specific block error is:

Event:  Intrusion

Description:  Juniper Setup Client (JuniperSetupClient.exe)

Path:  C:\USERS\TAYLOGF\APPDATA\ROAMING\JUNIPER NETWORKS\SETUP CLIENT\JUNIPERSETUPCLIENT.EXE

Message:  Attack type:  IE Envelope - Abnormal Program Execution (Sig Id = 2640)

The exception I've created includes the Sig Id of 2640.

The executable path contains C:\USERS\*\APPDATA\ROAMING\JUNIPER NETWORKS\SETUP CLIENT\JUNIPERSETUPCLIENT.EXE

I've had to use the wild card * for the user's profile name as this exception will need to be applied to more than one user.  I've also used ** in place of the one * just to see if that works, and yet the HIPS UI on the client laptop still blocks the executable from running and installing.

I've included None as the Signer.

For the Parameters, I added the domain\Domain Users group as multiple users will need to install this executable on their laptops to access our network remotely.

I've pretty much created every Exception I can think of yet this executable is still getting blocked?  I've created it in HIPS 8 and in HIPS7 (just as a test to see if it works) basically have created this exception in every policy you can think of.

Any ideas?

Any advice is greatly appreciated.

Thanks,

Yvonne

0 Kudos
7 Replies
McAfee Employee

Re: Allow executable to run for multiple clients

You'll need to compare the signature violation (from the ePO console) to the IPS exception you created.  Usually the IPS exception doesn't work due to some details in the IPS exception that are too specific or incorrect.

If you want to post details, I can review it,; if not, please contact McAfee Support to open a Service Request to have it reviewed.

0 Kudos
techchick69
Level 7

Re: Allow executable to run for multiple clients

Hi Kary,

Would you like me to post details (screenshots) of the exceptions I've created?  Please advise.

Thanks!

0 Kudos
McAfee Employee

Re: Allow executable to run for multiple clients

If you want to.  I need to see both the signature violation event, and the exception(s) you created.

0 Kudos
techchick69
Level 7

Re: Allow executable to run for multiple clients

Here you go.  Here is the mcafeefirelog.txt showing the signature violation event and the exceptions I've created.  They are all attached.

Thanks.

0 Kudos
McAfee Employee

Re: Allow executable to run for multiple clients

McAfeeFireLog.txt does not have all the details of the violation.  Pull the violation details from the Hipshield.log file, or the ePO console.  These will list FULL details of the signature violation event, not just a summary of the event.

0 Kudos
McAfee Employee

Re: Allow executable to run for multiple clients

Also, remove the Domain Group parameter.  See if your exception works then.

0 Kudos
techchick69
Level 7

Re: Allow executable to run for multiple clients

Thank you.  I will remove the Domain Users group.  Attached you will find the hipshield.log.  I had to zip it as it is 96MB.

0 Kudos