Showing results for 
Search instead for 
Did you mean: 
Level 9

Errors in HipShield Log


Couple of questions.

Nearly all of my clients have errors in the HipShield log such as 'Could not get process name' or 'Warning: SiReg: Could not open [RegKey_Value]'.

The logs are interspersed with legitimate firings so I can see that the product is working as expected and my thoughts are that the errors are generated where a signature is loaded and perhaps the value (regkey, file etc) doesn't exist? Is this the general concensus, are you all getting errors in the logs and consider this normal?

Secondly, on certain custom created signatures I notice that the value in the log contains double characters, so for example I may have a rule that monitors the file on my Agent Handler for any attempts to write, rename or delete the file. In the signature the path is %Program Files (x86)%\McAfee\Agent Handler\DB\, however in the HipShield log that rule errors and the file path is shown as  %Program Files (x86)%\\McAfee\\Agent Handler\\DB\

I know there is a known issue when migrating policies from an older version to a newer, e'g HIPS 7 to HIPS 8 where 'illegal' characters get introduced, but typically these get written to the actual signature itself where as my signature is correct but the output to the log isn't.

Any ideas on that one?


0 Kudos