SergeM
Level 9
Message 1 of 5

HIPS 7 FW rule - cannot edit !?

Hi,

I have a problem on one of my ePO Servers.
The server is running ePO 3.6 (*) and HIPS 7.0. (Not sure whether this post should be in the ePO Threads or here...)

I recently modified two HIPS/Firewall rules and added specific rules for a program. The Program was identified by path (no fingerprint). Thing is the "path" actually only contained the program name, so I updated it to hold the entire path. After I did this, the rule became "uneditable". Whenever I open this rule, I get some unidentified IE script error and a blank screen.

So now I can't edit those two rules.
I tried duplicating the rules to modify them, it didn't work.

Anyone has an idea about this problem ?

thanks
Serge


(*) I know ePO 3.6 is old, I'm trying to update all old DFW 8.x users to HIPS so I can upgrade the server.
4 Replies
bxs
Level 7
Message 2 of 5

RE: HIPS 7 FW rule - cannot edit !?

You didn't inadvertently update Java on that server, did you?

I had a similar issue with the Trusted Networks policy after Java was updated on the server. It was fantastic; after adding a new network and clicking save it completely wiped the policy and made it uneditable. That brought a couple thousand machines to their knees pretty quickly.
SergeM
Level 9
Message 3 of 5

RE: HIPS 7 FW rule - cannot edit !?

Thanks for the answer.



I don't think so...
Just checked and Java is at version 6 update 7 (1.6.0-07), so quite old.

I've opened a case with McAfee since this is a big problem here.

RE: HIPS 7 FW rule - cannot edit !?

go back to Java 5...hips policies and epo361 have serious issues with Java6...

Thankfully in epo4 you won't have to worry about java...maybe one day java will go away completely!
SergeM
Level 9
Message 5 of 5

Problem solved, somehow.

Hi,

Thanks, in the end, it wasn't Java... I suspect it was a DB error somewhere(*).

The only workaround I found was to rewrite all those rules...
Had to use a laptop to see what the rules actually were as I couldn't even view the rules on the server... Then rewrote new rules copying the old ones. Luckily I only had about 20 different rulesets.

I managed to also merge a few special cases so as to have less different rulesets. And I did learn a bit about HIPS in the process (also found some weird things, see other thread on localhost handling).

Problem solved, somehow (**).
Serge


(*) I had "DB Full" messages on this server, so I purged and cleaned the events from the DB.

(**) I'd opened a case with McAfee support about this. After three days, they just closed the case and considered it solved, even though they never provided any solution :mad: