cancel
Showing results for 
Search instead for 
Did you mean: 
jbarry
Level 7

Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

I am attempting to import HIPS rules from another of my agencies other ePO servers and when  I attempt to import it acts as though it has completed but you can't see the HIPS rules.  The import works for the firewall and general rules but not the IPS rules.  Both servers are using HIPS 8.0, any suggestions on how to accomplish this?

Message was edited by: jbarry on 9/18/13 11:14:53 AM CDT
0 Kudos
1 Solution

Accepted Solutions
timomcd
Level 7

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

I recently ran into the same problem. After migrating policies from HIPS7 to HIPS8, then exporting them, extra tab characters were added to the XML file for the rule names. When I tried to import those policies on another machine, there were no error messages in ePO or Orion.log, but the policy never imported. I did a Find and Replace to remove all tabs in the XML, and the import was successful. I don't like to manually edit McAfee's XML files, so I've heard you can also duplicate the policy on the original system, then export the new policy without tabs.

12 Replies
ashedge
Level 9

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

HI Jody Barry,

Go to policy catalog and select the HIPScategory and click export tab it will take full HIPS policies. It not requiredto export single policies. while Importing the policies it will restore thesame policies. If you still facing the problem then I suggest create oneduplicate policies in same epo server and export and delete the same. Againimport the same check whether all rules are replicated or not If still facingproblem then take backup all and rechecking the extension. 

If still you facing issue I suggest log the call with McAfeesupport Team.

0 Kudos
jbarry
Level 7

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

I am receiving IPS Rules from another one of my HBSS administrators from her server and trying to import them into my server.  All of her rules/policies imported properly EXCEPT the IPS Rules.  She also sent me just the IPS Rules and the didn't import either.  IWhen I do the IMport of her IPS rules it goes through as though it imported but the do not show up in the Policy Catalog.  So really I guess the question is CAN you import someone else's HIPS IPS Rules???

0 Kudos
McAfee Employee

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

Jody Barry wrote:

CAN you import someone else's HIPS IPS Rules???

Yes, you can.  There might be an invalid rule in the policy that prevents importing it.  Check the ePO Server orion.log for errors when you try to import it.  I would suggest calling into McAfee Support for additional assistance.

0 Kudos
twilliams61
Level 7

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

I am having the exact same issue with importing the HIPS IPS rules into ePO 5.1. Everything else imports correctly (options, protection, etc).  It even appears to import successfully.  Yet the  imported HIPS rules don't display in the Policy Catalog.  Orion.log doesn't show any errors either. 

It's like its the "case of the vanishing HIPS rules".  I can re-import the same xml over and over, and it never shows there is a duplicate either. 

0 Kudos
McAfee Employee

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

Check the Orion.log file again for an error similar to this.  Usually I see it due to some invalid rule.

Orion log error (no debug logging required):

0000-00-00 00:00:00,000 INFO  [http-8443-Processor19]services.PolicyImportExportServiceInternal  - PolicySettingsobject with name XXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXX  :xxxxxxxxx-xxxx-xxx-xxxxxxxxxxxx is not found, nopolicy or policy settings will be saved

0 Kudos
timomcd
Level 7

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

I recently ran into the same problem. After migrating policies from HIPS7 to HIPS8, then exporting them, extra tab characters were added to the XML file for the rule names. When I tried to import those policies on another machine, there were no error messages in ePO or Orion.log, but the policy never imported. I did a Find and Replace to remove all tabs in the XML, and the import was successful. I don't like to manually edit McAfee's XML files, so I've heard you can also duplicate the policy on the original system, then export the new policy without tabs.

lfah2000
Level 10

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

Are the IPS rules compatible with ePO 5.1.0?

When I import the HIPS extensions, I only see:

Host Intrusion Prevention 8.0: Firewall

Host Intrusion Prevention 8.0: General

The policy set Host Intrusion Prevention 8.0: IPS is not available

When I try to import HostIPSLicense.zip  it gives this error:

Extension HostIPSLicense, version 8.0.0.563 is not compatible with this version of ePolicy Orchestrator

I need the IPS rules.

0 Kudos
twilliams61
Level 7

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

Timomcd, your solutiion was spot on, and solved my problem!  Removing the "tab characters" from the XML file allowed them to fully import into ePO 5.1, without any errors.  Well done sir!

0 Kudos
McAfee Employee

Re: Can not import HIPS IPS Rules into ePO 4.6.6

Jump to solution

I'd be careful about editing the XML file directly; I wouldn't suggest doing it at all.  If the policy gets corrupted in doing this, rebuilding the policy is normally the only solution.  I would try to edit the policy via the GUI to fix those rules (duplicate or modify to fix) vs. manual edits.

0 Kudos