Showing results for 
Search instead for 
Did you mean: 
Level 7

HIPS 7.0 FireSvc.exe in Activity Logs


I'm new to the ePO community, and this may be a very silly question on my part.  I really don't know how to interpret some of the logs properly, so this may be something extremely simple.

This is appearing on all of our networked computers.  If I look under Activity Log I see where the log is filled with the following:

Time    Event                                                   IP Address/User                    Application                                                     Message

XXXX    McAfee Host Intrusion Prevention  NT Authority\Local System  McAfee HIP Main Service (FireSvc.exe)    - Attack type: Protect HIPs

Considering that this is filling up the local machine's HIPS Activity Log, I'm wondering if maybe one of the policies is setup incorrectly.  Is it a problem with hooking and FireSvc.exe? 

Thanks for your time.

0 Kudos
1 Reply
McAfee Employee

Re: HIPS 7.0 FireSvc.exe in Activity Logs

This is an IPS signature violating (Attack type: Protect HIPs), for a signature name called Protect HIPS.  This is a custom signature that may need to be tweaked by the person that wrote it at your company, or IPS exceptions need to be made.

0 Kudos