cancel
Showing results for 
Search instead for 
Did you mean: 
gene0915
Level 9

Anyone playing with HIPS and Vista SP1?

Anyone taken a Vista machine, installed HIPS 7 on it and THEN applied Vista SP1 and HIPS is still ok? (Basically, does HIPS survive the SP upgrade?)

What about this scenario.... install Vista, upgrade to SP1 and then install HIPS 7? Success?
0 Kudos
7 Replies
Raja
Level 9

RE: Anyone playing with HIPS and Vista SP1?

HIP is currently not supported on Vista SP1.
HIP will be adding Vista SP1 and Server 2008 support in the next patch(7.0.0 patch 2).
This patch will be out sometime in June.

If your interested in participating in the initial phase rollout, please open a service request with support to have you name added to the list.
0 Kudos
protector
Level 9

RE: Anyone playing with HIPS and Vista SP1?

HIPS 7 bundled with patch 2 is released and available for download.

P.
0 Kudos
metalhead
Level 12

RE: Anyone playing with HIPS and Vista SP1?

And running fine on Vista SP1 happy
0 Kudos
msonen
Level 7

HIPS7 sp2 with Novell

I am unable to authenticate to the Novell tree since I updated to HIPS 7 Patch 2 in Vista. I looked in the logs but was unable to find any reference to any Novell executables..
0 Kudos
protector
Level 9

RE: HIPS7 sp2 with Novell

Have you determined if it is a specific HIPS module that is causing the issue (HIPS,NIPS, FW, etc.)?
0 Kudos
msonen
Level 7

RE: HIPS7 sp2 with Novell

I'm not sure, I believe that its the application blocking that is doing it. However when I disable just the application creation monitor I get the error "Internal error 0xC7E50014 occurred. Try Again."
When I disable the firewall as well I am able to authenticate.
I am then able to turn everything back on and work as normal.
0 Kudos
protector
Level 9

RE: HIPS7 sp2 with Novell

Are you seeing blocked traffic in the FW activity for the netware traffic? Enable debug logging via ePO for this node. Try disabling Application Blocking all together then test. If the issue still occurs then disable the FW module. At least now we can isolate the module. If it is FW then we can check the activity log to verify blocked traffic and look through the firesvc.log file to see if we are seeing blocked traffic there too. You may just have to create a specific rule for the netware traffic. You may also want to try to put the culprit module in adaptive mode to see if it creates a rule automatically for that traffic. If it does then you can apply it to your effective policy.


Protector.
0 Kudos