If IPS signature policy is applied to client, how can we determine it locally. Is there a place on the client where we can see signatures and a setting change for a specific signature?
P.S. HIPS 8.0 P4
Not really, but you can go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\HIP\Config and look through the keys under there; you'll have to dig a bit but you can kind of see the policies that are being applied and exceptions.
Yeah your in the right place, should be under HKLM\SOFTWARE\Mcafee\HIP
At the top level HIP hive you should be able to see all the reg entries, specifically INSTALLPATH & INSTALLPATH32 which would list the actual 32 bit directory if installs in there.. but weird if you don't see anything under the 32 bit