cancel
Showing results for 
Search instead for 
Did you mean: 

HIPS 7.0 Patch 6 Windows 2000 login issues with personal Firewall enabled.

Hello we are experiecing issues with windows 2000 machines hanging at the loginscreen with the HIPS firewall enabled.  Machines work wit HIPS IPS on but not with both IPS and Firewall enabled.  Trying to work with McAfee Gold support on this one haven't found a resolution other than to completely disable HIPS services or not enforce firewall.  Firewall rules and options work fine on XP systems.  Is there something that Windows 2000 machines just don't like with HIPS PFW?  I'm at a dead lock on this one and would like URGENT Help

Tags (1)
3 Replies
Highlighted
dvo
Level 9
Report Inappropriate Content
Message 2 of 4

Re: HIPS 7.0 Patch 6 Windows 2000 login issues with personal Firewall enabled.

since the default is for FW to be off, I'll assume you've played around with HIPs policies in ePO

disable the FW or whatever you do to get the windows 2000 to be accessible.

set HIPs\General\Client UI troubleshooting tab policy for the test system to enable DEBUG logging for firewall.

do agent wakup to enforce(make sure local system's HIPs console is closed)

now turn the FW back on and reboot and try to login.  When it gets hung, note the time.  See if you can map to the test system from another system

\\systemname\c$

go to C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention

or you might need to boot to safemode and get the log.

attach here the firesvc.log, let me know the time it hung, and we can try to figure it out together.

also try setting the FW Options to 'learn mode'  and see if there is a block prompt telling you what it is.

also attach an exported copy of your FW rules( if you want to). and i can try to reproduce it.

Message was edited by: dvo on 12/1/09 9:05 AM

Message was edited by: dvo on 12/1/09 9:32 AM

Re: HIPS 7.0 Patch 6 Windows 2000 login issues with personal Firewall enabled.

I can't post the firesvc log up ...  mcafee gold support recommended that i do what you stated.  I have uploaded the logs in that ticket as they are confidential...so if you could look at that ticket number and get the logs...

Message was edited by: sphorton on 12/1/09 9:37 AM

Message was edited by: sphorton on 12/1/09 9:39 AM
bgable
Level 11
Report Inappropriate Content
Message 4 of 4

Re: HIPS 7.0 Patch 6 Windows 2000 login issues with personal Firewall enabled.

Not a known issue that I know of...

However, I would have tried a couple things:

1) allow the option for unsupported protocols in the Firewall policy. (KB53191 in McAfee Knowledge Base)  I haven't worked a W2K case in a while but the OS could have some funky non-IP traffic that the HIP fw is dropping in the bit bucket because we don;t recognize it.  This is most likely the case.

2) run the firewall in adaptive mode to see if any new rules needed to be created.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community