Pinard
Level 8

Can't view or save capture file from Network IPS Event

I have enabled "Create a sniffer capture if possible" in the HIPS options. According to the documentation, I should see a log file icon when a capture file is available, and I should be able to right-click on it to open or save it. When I do right-click on the icon, nothing happens.

When I export the whole log file, I can see that the events are referring to FirePacket#.cap files, but I have no idea where those files should be located.

I am using the French version of HIPS 8.0.0 build 1741 on Windows 7 x64.

Thanks

Accepted Solutions
McAfee Employee

The capture .cap files are written to the "C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention\McAfee Fire Saved Events\" or "C:\ProgramData\McAfee\Host Intrusion Prevention\McAfee Fire Saved Events\" directory.

The popup will occur for Host IPS signatures (I could not get the popup to work for a Network IPS signature (which is what would create the capture file)).

Pinard
Level 8

I thought that I should be able to right-click on an event in the HIPS GUI to directly get the .cap file. Maybe the French translation was misleading. Since you told me the path to find those files, the problem is solved.

Thank you ktankink
