cancel
Showing results for 
Search instead for 
Did you mean: 

Client reporting HIPS blocking Outlook 2007 free/busy searches

I have a user reporting that HIPS is blocking Outlook 2007 free/busy calendar searches. When HIPS is disabled, the search works fine. HIPS enabled, the search fails. I have been unable to find any information in any of the HIPS logs on the client experiencing the problem. There are also no events being reported to EPO.

Any ideas where to look?

Note there is already a firewall rule that permits OUTLOOK.exe in/out for All IP protocols to/from trusted networks.

5 Replies
bgable
Level 11
Report Inappropriate Content
Message 2 of 6

Re: Client reporting HIPS blocking Outlook 2007 free/busy searches

You didn;t mention if they had the FW option enabled.  If so does the issue occur in adaptive mode?

You could check the properties for the Free/Busy options, if they have specified a url to a web server for publishing the info, can you ping the url?

You can also try to enable the option for unsupported protocols, some traffic to/from Outlook could be getting dropped. KB66899

If it only occurs when IPS module is enabled, does it occur when outlook.exe is excluded from the Application Protection list?

Re: Client reporting HIPS blocking Outlook 2007 free/busy searches

Yes, FW was enabled. The URL is available from non-HIPS protected computers. I will look into the KB article you cite and the App Protection list. We are new to HIPS so unsure of all the ins-outs of the application yet. The documentation does not seem really detailed on troubleshooting. Any suggestions on good HIPS troubleshooting methodologies? Where to look in HIPS logs, etc?

Thanks for the feedback.

lrock
Level 9
Report Inappropriate Content
Message 4 of 6

Unable to launch Out of Office Assistant or Outlook Signature (Vista Outlook 2007)

1. Unable to launch Oultook 2007 (Vista) signature when HOST IPS is enabled. When we disable HOST IPS, signature configuration tab comes up.

2. Unable to launch Outlook Out of office Assistance - Outlook 2003/2007 Out Of Office Assistant 'command not available'

Troubleshooting - checked for HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\OFFICE\11.0\OUTLOOK\Resiliency

which was not there on Vista or XP Pro (07office and 03 office)

Also looked at disabled items on Vista - did not see outex.dll as being disabled.

It was there on Outlook 2003 - I enabled it and the Out of Office Assistant launches. Must be missing something with Oultook 2007...

bgable
Level 11
Report Inappropriate Content
Message 5 of 6

Re: Client reporting HIPS blocking Outlook 2007 free/busy searches

Additional external available troubleshooting KBs vailable in the McAfee Knowledge Base:

Third-party application stops working or is impaired after McAfee Host Intrusion Prevention is installed or content is updated.

https://kc.mcafee.com/corporate/index?page=content&id=KB67056

Verifying a successful Host Intrusion Prevention 7.0 Windows agent installation.

https://kc.mcafee.com/corporate/index?page=content&id=KB60078

Isolating a suspect component in Host IPS.

https://kc.mcafee.com/corporate/index?page=content&id=KB54960

Troubleshooting the McAfee Host Intrusion Prevention 7.0 NDIS Intermediate Miniport Adapter.

https://kc.mcafee.com/corporate/index?page=content&id=KB51676

Default Host Intrusion Prevention signatures with logging set to disabled.

https://kc.mcafee.com/corporate/index?page=content&id=KB51374

How to manually uninstall Host Intrusion Prevention Agent 7.0.

https://kc.mcafee.com/corporate/index?page=content&id=KB51699

How to collect tracemon logs for FireHK (NDIS) and FirePM (stateful firewall) drivers at 1F logging level.

https://kc.mcafee.com/corporate/index?page=content&id=KB61033

Host Intrusion Prevention 6.1 and 7.0 agent logging on Solaris.

https://kc.mcafee.com/corporate/index?page=content&id=KB53490

Export Host IPS Policies for Troubleshooting.

https://kc.mcafee.com/corporate/index?page=content&id=KB54942

Host Intrusion Prevention 6.x and 7.0 agent logging and troubleshooting on the Microsoft Windows.

https://kc.mcafee.com/corporate/index?page=content&id=KB51517

How to generate a user-mode dump file for an unresponsive process when Host Intrusion Prevention is enabled.

https://kc.mcafee.com/corporate/index?page=content&id=KB54805

McAfee Host IPS signature content remediation rollback version for troubleshooting.

https://kc.mcafee.com/corporate/index?page=content&id=KB53092

Adjusting McAfee Host Intrusion Prevention Activity Log Size.

https://kc.mcafee.com/corporate/index?page=content&id=KB59968

Information to gather when troubleshooting memory leaks on Windows systems.

https://kc.mcafee.com/corporate/index?page=content&id=KB54401

McAfee Host Security Memory Pool Monitor (Poolmon.exe) allocation tags for troubleshooting kernel mode memory leaks.

https://kc.mcafee.com/corporate/index?page=content&id=KB60905

Supported environments for Host Intrusion Prevention 7.0

https://kc.mcafee.com/corporate/index?page=content&id=KB59820

Re: Client reporting HIPS blocking Outlook 2007 free/busy searches

Excellent list of resources! Thanks!

We found out the issue happened to be with the user account and not the client computer or HIPS. But still thanks for the information. This is very useful!