cancel
Showing results for 
Search instead for 
Did you mean: 
mcGEE
Level 7

Firewall Adaptive Mode

Is there a difference between HIPS on a server versus on a workstation ie. 2003 vs XP?  I know it is the same software but does it perform differently.  I was told by some one that Adaptive mode on a server requires a reboot whereas it does not on a workstation.  I have an issue in that I've installed HIP 7.0 P7 on a windows 2003r2 x64 and all policies are set to adaptive.  What is happening is that the HIPS Firewall is blocking all SQL (TCP-1433) at installation.  Once I rebooted the server the SQL service got added dynamically to the ruleset and is allowed.  Why did it block originally?  This is not good especially if it requires me to reboot the server.

Any thoughts or suggestions?

G.

0 Kudos
3 Replies
sameer172006
Level 12

Re: Firewall Adaptive Mode

mcGee,

Yes there is a difference.

There are 2 versions.

1} HIPS for Servers 2} HIPS for Desktops.

Server version is known as :- HIS> Host Intrusion for Servers.

Desktop version is known as ;- HID > Host Intrusion for Desktops.

The functionalities also differ. You might want to take a look at the products guides to get more info about the same. HID is included with the Total protection for Endpoint versions of the McAfee. The Server version has to be bought seperately.

Sameer

Message was edited by: sameer172006 on 3/25/10 1:58:19 PM CDT
0 Kudos
mcGEE
Level 7

Re: Firewall Adaptive Mode

Yes Sameer, from a Product point of view they are 2 seperate solutions but in actuallity it is the same software.  They share the same product/installation guide as well and unfortuantely, there is no mention of the differences when running on a workstation vs server.

0 Kudos
bgable
Level 11

Re: Firewall Adaptive Mode

If the traffic was inbound, then adaptive mode would not learn the traffic.

You should add the appropriate rule to your applied fw policy.

0 Kudos