I am currently having a problem running HIPS 7 on Windows 2000 server machines. We logged this issue with McAfee support back in July, but as yet they have been unable to come up with a solution.
What happens is that HIPS firewall prevents any logon to the server. The machine will not logon and displays the 'Applying your personal settings...' dialog box. The only way to get logged on to the server is to disable the HIPS firewall using ePolicy Orchestrator. This behaviour is intermittent, and we can re-enable the firewall and log off and back on again without any problems. The server might be ok for an hour, or a day, but eventually the problem will reappear. Rebooting the server will also clear the problem, but again only temporarily.
We have tried opening up the firewall with an allow all rule, also putting the firewall on learn mode, but it doesn't appear to be a rule that is causing the problem.
We have applied the latest HIPS patches and the latest agent but nothing has helped.
We have supplied McAfee with no end of log and dump files, but they simply can't find anything wrong.
Has anyone come across this issue before, or have an idea what might be causing it?
As you know, HIPs has many components. I'm not sure if you have already, but have you tried isolating the individual components of HIPs to determine the component causing this issue?
Please go to the McAfee Service Portal HERE and click on "Search The Knowledge Base". Search for article KB54960.
This article will guide you through component isolation. It may take some time but it could lead to you being able to confirm exactly what the cause is.
Hope this helps.
Thanks for your reply Mo. We have already isolated the problem as being a firewall issue. The problem ocures with only the firewall component enabled, and not if it is disabled.
By the way Mo, you have been one of the many support engineers that have been involved in trying to find us a solution.