There's a nasty bug in the HIPS deployment on W8 systems. We've found that when 126.96.36.1991 deploys to those machines it causes them to infinitely reboot and because there's no safe mode in W8 we have to format and redo the machines because they never talk back into ePO again. What is strange is we didn't find this with our first wave of W8 test deployments so I'm thinking it might be related to the ePO 5.0 extension update as when we had the base one in place there was no issue but after adding it we started having these endless reboot scenarios. I actually put a couple new W8 machines into their own group and started deploying everything one at a time testing each machine. I left HIPS for last as I had a feeling it was it and as soon as it deploys the boot loops begin. I think HIPS actually installs but it's the 791162 patch that causes the failure on install. Maybe having
803520 active would prevent this but as we know from this thread it has its own issues.
There's a nasty bug in the HIPS deployment on W8 systems. We've found that when 188.8.131.521 deploys to those machines it causes them to infinitely reboot
This reboot issue is caused by a conflict with HIPS 8.0 Patch 2 Host IPS module and Windows 8. Hotfix 803520 resolves this issue. The Host IPS module is disabled by default when you install HIPS 8.0, however, if your policy enables the Host IPS module BEFORE you apply HF803520, you'll get the reboot issue.
Solution for Windows 8:
1. Install HIPS 8.0 Patch 2 (184.108.40.2061) and leave Host IPS DISABLED.
2. Apply HF803520.
3. Reboot the system.
4. Then enable the Host IPS module by policy.
ePO tagging can be used to tag systems without the hotfix to assign a policy where the Host IPS module is disabled. Once the hotfix is applied, a different ePO tag can be applied, assigning a new policy where the Host IPS module is ENABLED.
NOTE: Please remember that Windows 8 is not supported until Host IPS 8.0 Patch 3.
KB76650 - Host Intrusion Prevention 8.0 support for Microsoft Windows 8 and Windows Server 2012
KB77323 - Host Intrusion Prevention 8.0.0 Patch 2 Hotfix Rollup 803520 Release NotesMessage was edited by: ktankink - Spelling correction on 4/4/13 2:00:50 PM CDT
Thanks for the responses...the bad news is that this is Win 7 - not Win8 and keep getting the restart requests...it doesn't force me to reboot but HIPS can't get reinstalled and it's not showing in the system. There are pieces that come back into place when I do a reinstall but no console.
That reboot issue might be due to a HIPS installation failure and your ePO deployment task. If you ePO deployment task is setup to run frequently (At startup or Run at every policy enforcement), and HIPS fails to install, it prompts for a reboot. System reboots, runs deployment task again, fails, reboots...rinse/repeat.
Yep I discovered that a while back and no it's only running once a day. Also as for the deployment task, since it's only my system I decided to just download the installer and apply directly...still an issue.
Thanks for the file path on the log in the temp folder...I'm not sure I've looked here before but will now!
Have you checked to see if the Reboot splash screen is not being deleted during the install process? The file C:\Windows\McAfeeHIP_reboot is created during an upgrade or install. It is supposed to get deleted, but sometimes it isn't so the user will receive the Reboot splash screen. The user restarts the computer and the splash screen pops up again. Deleting that file then running the client task again will end with a successful upgrade/install.
We found this happening a lot when upgrading from HIPS 8 P1 to P2. It's a pain, but pretty much inevitable on some hosts. This is an issue that has been around for several years, and doesn't look to go away anytime soon.
We did see rare instances when, after deleting the file, we still had to reboot a host. But, it was very rare.
We have just released Hotfix 843301 which resolves this issue.
We are in the process of updating McAfee Knowledge Base article KB77809 with this updated information.
I have tested Hotfix 843301 on several of our systems we had test deployed the previous update that was causing issues and the new hotfix is resolving the problems.
We have tried to check in HF 843301 to ePO repository and keep getting the error "required package not found". I've downloaded the HF twice from the KB article.
Do not extract the package, check in the entire .zip package. Also, you will need HIP 8.0 Patch 2 + HF803520 already checked into your repository branch before checking in HF843301.