exsult
Level 7

HIPS 7.0 Patch 2 and Windows XP preSP3

Wonder if anyone else has seen this issue. We've just begun a test rollout of HIPS to our clients. What we've discovered is that after the install, machines would start locking up at least once every couple of hours. Yes, we are doing a reboot after the install.
Turning off IPS portion resolved the issue even though the IPS was running in log high alerts and ignore all else.
We did have a few users that were working just fine though. We traced the difference to those users having Windows XP service pack 3 installed. So with SP3 installed we could turn on the IPS portion and it would work just fine.
Any ideas?
Thx
0 Kudos
4 Replies
Firewall-Joe
Level 9

RE: HIPS 7.0 Patch 2 and Windows XP preSP3

Did you install patch 2 before installing SP3?
What you've described is what happens when you install SP3 first and then install patch 2.

You'll need to download the HIP 7.0 patch 2 full agent install, remove what's there and re-install it. Otherwise the IPS module will never function properly.

Joe
0 Kudos
exsult
Level 7

Nope

Thanks for your reply.

To answer your question: the HIPS product was never upgraded. All of our installs were done with HIPS 7 integrated with Patch2.
So machines that have Windows Service Pack 2 are crashing and the machines having XP Service Pack 3 are working fine.
I have the debug logging enabled so hopefully it's just a signature that needs to be turned off.
0 Kudos
Raja
Level 9

RE: HIPS 7.0 Patch 2 and Windows XP preSP3

There is a difference between crashing and locking up. Is the computer blue screening?
Do you have the computer set to save a full memory dump?

The best way to figure out what's going on is to enable "crash-ctrl-scroll" and get a full memory dump to support. When the computer locks up, you initiate a blue screen.

How to enable "crash-ctrl-scroll": http://support.microsoft.com/kb/Q244139

Engineering will need to look at the dump to see what's going on. More than likely some sort of deadlock.

-R-
0 Kudos
exsult
Level 7

Found the solution

Thanks for your reply. We've finally narrowed down the problem to a conflict between McAfee HIPS 7 and Citrix EdgeSight 4.5. Apparently EdgeSight is not compatible with it. We've temporarily removed winlogon.exe from the list of protected applications, which resolved our problem, until either McAfee or Citrix releases a fix for it.
0 Kudos