Yesterday, I noticed that HIPS 7.0 was available for download under our grant number.
Below are the new features.
Release Notes for McAfee® Host Intrusion Prevention 7.0.0
New and updated features in the current release of the software are described below:
* Windows Vista 32-bit and 64-bit support.
* Windows 2003 64-bit support.
* Terminal Server and multiple user sessions support.
* Network Connection Isolation, which prevents undesirable traffic from accessing a designated network via other active network interfaces on a computer, such as a wireless adapter connected to a wi-fi hotspot.
* Boot-time quarantine that keeps a computer quarantined and blocks network connections at start-up until a firewall policy is loaded.
* Troubleshooting enhancement that allows client troubleshooting to be performed from the ePolicy Orchestrator console.
* IPv6 Support: Where an IP address is required, the user interface will accept both IPv4 and IPv6 addresses.
The only problem I've run into is a really complex issue with VMware bridged mode. Basically, the firewall isn't acting statefully, so I have to manually open up inbound ports to get around the issue (it's at tier III right now and I expect it to be resolved soon). Other than that problem, no issues at all.
We have to manually open whatever port is needed by the specific application for the return response. For example, if I do an outbound DNS lookup request, I have to have a rule that opens up the port for the inbound reply (53), and this rule has to be for all IPs. If I try to write a rule that targets only the bridged address, the reply will get blocked. It's an ugly problem, but I expect that we'll get it resolved shortly.
Did you get a response on the VMware Bridged Network Stateful Firewall issue?
I deployed HIPS 7.0 globally to 7000 desktops, and now all VMware Workstation sessions cannot communicate with other network resources unless I either turn off the firewall or change the Ethernet settings from Bridged to NAT.
NAT might be the workaround, but there are a few VMware sessions that require real IP addresses issued by the corporate DHCP server.
If you have any idea or workaround, please let me know. Thanks,
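
As an added illustration (not part of the thread and not McAfee's code), the sketch below models the workaround rule discussed above, an inbound allow for DNS replies from all IPs, next to a generic connection-tracking filter, to show what is lost when the firewall does not act statefully. All addresses, ports and names are constructed, and the tracking logic is a generic model, not how HIPS implements it.

```python
from collections import namedtuple

# Constructed packet model: protocol, source ip/port, destination ip/port.
Packet = namedtuple("Packet", "proto src sport dst dport")

GUEST = "10.0.0.50"     # constructed address of the bridged guest
RESOLVER = "10.0.0.2"   # constructed DNS server address


def stateless_allow_inbound(pkt):
    """Model of the workaround: allow inbound UDP with source port 53 from any IP."""
    return pkt.proto == "udp" and pkt.sport == 53


class StatefulFilter:
    """Generic connection tracking: admit only inbound packets that mirror a recorded outbound flow."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Record the flow so the mirrored reply can be recognised later.
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def allow_inbound(self, pkt):
        # A legitimate reply has source and destination swapped relative to the query.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def compare():
    """Return (stateless verdict, stateful verdict) for a real reply and an unsolicited packet."""
    query = Packet("udp", GUEST, 40000, RESOLVER, 53)
    reply = Packet("udp", RESOLVER, 53, GUEST, 40000)
    # Constructed unsolicited packet: no query was sent to this source.
    unsolicited = Packet("udp", "192.0.2.99", 53, GUEST, 5353)
    fw = StatefulFilter()
    fw.outbound(query)
    return {
        "reply": (stateless_allow_inbound(reply), fw.allow_inbound(reply)),
        "unsolicited": (stateless_allow_inbound(unsolicited), fw.allow_inbound(unsolicited)),
    }


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12} stateless={stateless} stateful={stateful}")
```

Both filters pass the genuine reply, but only the stateless rule also passes the packet that matches no outbound query, which is why such a rule is best treated as temporary and removed once stateful handling works again.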