cancel
Showing results for 
Search instead for 
Did you mean: 
recursive
Level 7

HIPS 7.0 P3 Slow GUI

Hi,

When I try to open HIPS GUI by doubleclicking mcafeefire.exe, it takes around 5 minutes to show up (the window is opened, but content is not shown, and windows says "not responding") when I'm connected to LAN.

If I unplug my ethernet, it shows up in 5 secs!

The version is 7.0.0 Build number 953. Agent version is 3.6.0.603 and epo server is 3.6.1

Any ideas?

PS:This is not limited to 1 client, all deployed clients are experiencing the same issue.

Edit: I've seen that several connection attemps are being made to an IP address with tcp 139 and 445 ports. But the tried ip address is an old file server's ip address, which is not present atm. And then a successful connection is established with another ip address tcp/139 and 445, which is another server, randomly.. Those ip address is not related with any mcafee software.
0 Kudos
5 Replies
Raja
Level 9

RE: HIPS 7.0 P3 Slow GUI

Have you tried launching it from the firetray.exe?

My other question is how did you install HIP? CMA, local install, or third party tool?

-R-
0 Kudos
recursive
Level 7

RE: HIPS 7.0 P3 Slow GUI

Hi,

Thanks for the reply, I've tried firetray.exe, however, it does not do anything. (tray icon is disabled by policy)

HIPS is installed by CMA.
0 Kudos
Raja
Level 9

RE: HIPS 7.0 P3 Slow GUI

Have you turned off all of the HIPs modules?
IPS, application protection, firewall, etc...

If all of the modules are off and it's still occurring, open a ticket with support.

-R-
0 Kudos
recursive
Level 7

RE: HIPS 7.0 P3 Slow GUI

Hi Raja,

I didn't disable any functions of HIPS yet. I've given the tried ip address to a live server as an additional ip, now gui is fine, opening in 10 secs, next step would be capturing the transmitted packets with host and destined server.
0 Kudos
recursive
Level 7

RE: HIPS 7.0 P3 Slow GUI

Results of the packet capture;

When I launch gui, its looking for the shares, and sending GET_DFS_REFERRAL requests to random servers.

The first tried ip address (which was an old server as I described before) was part of our DFS, but not any more.

Google search says its about Virusscan 8.0i , and to correct install patch 11, which is currently lower than our version (8.0i with a higher patch)

I guess its necessary to contact support sad
0 Kudos