We have deployed HIPS 8.0 to a few test machines basically straight out of the box, with High threats blocked and Medium and Low threats set to log (just to see what we get), but yesterday a couple of these test machines started having an error where explorer.exe continually crashes with the following popup box message:
explorer.exe - Application Error
The instruction at "0x05ac10f0" referenced memory at "0x0000000". The memory could not be written
press OK blah..blah....
In the HIPS logs on ePO (4.6.1) we have loads of buffer overflow messages associated with these errors. (Thinking this is a buffer overflow problem, we have put the AV 8.8 buffer overflow protection policy in warning mode, but that didn't stop it from happening.)
The event logs in ePO show BlueCoat Proxy client as the recipient or instigator of this problem (I'm unsure which, yet).
Disabling HIPS stops these errors.
I have two questions really,
1) Is this normal behaviour for HIPS? (I'm sure not, but just want confirmation.)
2) I am not using the adaptive mode of HIPS. Would it be an idea to switch it on and see if we can create an exception to whatever is happening here? (I'm fairly new to HIPS.)
Plus, any other pointers would be gratefully received.
A compatibility issue has been recently discovered between Host IPS 8.0 and Bluecoat Proxy software. Please contact McAfee Support for more details.