cancel
Showing results for 
Search instead for 
Did you mean: 
yuems
Level 11

Determine IPS signature policy is applied to client

Hi,

If IPS signature policy is applied to client, how can we determine it locally. Is there a place on the client where we can see signatures and a setting change for a specific signature?

Kind Regards,,

P.S. HIPS 8.0 P4

0 Kudos
4 Replies
fitchsoccer342
Level 13

Re: Determine IPS signature policy is applied to client

Not really, but you can go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\HIP\Config and look through the keys under there; you'll have to dig a bit but you can kind of see the policies that are being applied and exceptions.

yuems
Level 11

Re: Determine IPS signature policy is applied to client

Hi,

What is the path for 32Bit systems?  (HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HIP\Config\ )
I didn't find anything.

regregips.jpg

0 Kudos
fitchsoccer342
Level 13

Re: Determine IPS signature policy is applied to client

Yeah your in the right place, should be under HKLM\SOFTWARE\Mcafee\HIP

At the top level HIP hive you should be able to see all the reg entries, specifically INSTALLPATH & INSTALLPATH32 which would list the actual 32 bit directory if installs in there.. but weird if you don't see anything under the 32 bit

0 Kudos
yuems
Level 11

Re: Determine IPS signature policy is applied to client

Installpath, Ok
Signatures, Fail

0 Kudos