Nearly all of my clients have errors in the HipShield log such as 'Could not get process name' or 'Warning: SiReg: Could not open [RegKey_Value]'.
The logs are interspersed with legitimate firings so I can see that the product is working as expected and my thoughts are that the errors are generated where a signature is loaded and perhaps the value (regkey, file etc) doesn't exist? Is this the general concensus, are you all getting errors in the logs and consider this normal?
Secondly, on certain custom created signatures I notice that the value in the log contains double characters, so for example I may have a rule that monitors the db.properties file on my Agent Handler for any attempts to write, rename or delete the file. In the signature the path is %Program Files (x86)%\McAfee\Agent Handler\DB\db.properties, however in the HipShield log that rule errors and the file path is shown as %Program Files (x86)%\\McAfee\\Agent Handler\\DB\db.properties
I know there is a known issue when migrating policies from an older version to a newer, e'g HIPS 7 to HIPS 8 where 'illegal' characters get introduced, but typically these get written to the actual signature itself where as my signature is correct but the output to the log isn't.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.