cancel
Showing results for 
Search instead for 
Did you mean: 
epository
Level 10

HIPS 8.0 Exception Bug with Digital Signatures

I have noticed when I create an exception with HIPS 8.0, it is messing up the Digital Signature portion.

Usually the Digital Signature has a field delineating the state i.e. "S=California".

However, when HIPS 8.0 creates the exception via the "Create Exception" option, it is writing the Digital Signature as  "ST=California".

After hours of wondering why I had so many events popping despite creating multiple exceptions, I found this anomaly.

We are running HIPS 8 Patch 2, can someone at McAfee look into this and verify it?

0 Kudos
3 Replies
McAfee Employee

Re: HIPS 8.0 Exception Bug with Digital Signatures

KB72290 - Host Intrusion Prevention 8.0 Extension normalizes digital signer data ("S=" is normalized to "ST=")

https://kc.mcafee.com/corporate/index?page=content&id=KB72290

0 Kudos
damageinc
Level 7

Re: HIPS 8.0 Exception Bug with Digital Signatures

So we would only ever need to create exceptions with the "ST=" style, despite there being events that show "S="?

0 Kudos
McAfee Employee

Re: HIPS 8.0 Exception Bug with Digital Signatures

Correct.  The exception will have the ST= in the ePO console, but the S= on the client...per the KB info.

0 Kudos