SergeM
Level 9

HIPS 7 FW rule - cannot edit !?

Hi,

I have a problem on one of my ePO Servers.
The server is running ePO 3.6 (*) and HIPS 7.0. (Not sure whether this post should be in the ePO Threads or here...)

I recently modified two HIPS/Firewall rules and added specific rules for a program. The Program was identified by path (no fingerprint). Thing is the "path" actually only contained the program name, so I updated it to hold the entire path. After I did this, the rule became "uneditable". Whenever I open this rule, I get some unidentified IE script error and a blank screen.

So now I can't edit those two rules.
I tried duplicating the rules to modify them, it didn't work.

Anyone has an idea about this problem ?

thanks
Serge


(*) I know ePO 3.6 is old, I'm trying to update all old DFW 8.x users to HIPS so I can upgrade the server.
0 Kudos
4 Replies
bxs
Level 7

RE: HIPS 7 FW rule - cannot edit !?

You didn't inadvertently update Java on that server, did you?

I had a similar issue with the Trusted Networks policy after Java was updated on the server. It was fantastic; after adding a new network and clicking save it completely wiped the policy and made it uneditable. That brought a couple thousand machines to their knees pretty quickly.
0 Kudos
SergeM
Level 9

RE: HIPS 7 FW rule - cannot edit !?

Thanks for the answer.



I don't think so...
Just checked and Java is at version 6 update 7 (1.6.0-07), so quite old.

I've opened a case with McAfee since this is a big problem here.
0 Kudos
JeffGerard
Level 10

RE: HIPS 7 FW rule - cannot edit !?

go back to Java 5...hips policies and epo361 have serious issues with Java6...

Thankfully in epo4 you won't have to worry about java...maybe one day java will go away completely!
0 Kudos
SergeM
Level 9

Problem solved, somehow.

Hi,

Thanks, in the end, it wasn't Java... I suspect it was a DB error somewhere(*).

The only workaround I found was to rewrite all those rules...
Had to use a laptop to see what the rules actually were as I couldn't even view the rules on the server... Then rewrote new rules copying the old ones. Luckily I only had about 20 different rulesets.

I managed to also merge a few special cases so as to have less different rulesets. And I did learn a bit about HIPS in the process (also found some weird things, see other thread on localhost handling).

Problem solved, somehow (**).
Serge


(*) I had "DB Full" messages on this server, so I purged and cleaned the events from the DB.

(**) I'd opened a case with McAfee support about this. After three days, they just closed the case and considered it solved, even though they never provided any solution :mad:
0 Kudos