cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 21 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Hi evoco,

in case you have no workaround in place yet, here's ours (I assume that you have only Win7 workstations).

Though this procedure disables HIPS module, it leaves Firewall module intact. So, this lowers the workstation's protection somewhat, but keeps it usable:

1. Seek to "C:\Program Files\McAfee\HostIntrusion Prevention" and launch McAfeeFire.exe.
2. Select Task -> Unlock User Interface -> type your specific pwd (there ought to be one).
3. Click to clear check-boxes "Enable Host IPS" and "Enable Network IPS".
4. Click Apply and minimize "McAfee Host IntrusionPrevention" window.
5. Click Windows start-button, right-click on Computer and select Manage.
6. In the Computer Management window, on the tree-view,expand "Services and Applications" and select "Services".
7. Scroll down to find McAfee Host Intrusion Prevention Service, double-click on it to open its properties.
8. On General tab, from "Startup type" drop-down list, select "Disabled", and click Apply.
9. Reboot your computer. Symptoms should no longer appear.

Highlighted

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Got the same problem here just on Windows 7 devices. With high CPU while using Wireless etc

We too got the patch from tech support. Deployed using ePO. after the patch installed the reported version was 8.0.0.2198 which ties up. Seemed all was ok to start with, but then the high CPU usage for Firesrv.exe started again. We could get it to happen all the time by disconnecting from the corporate network and connecting to a new network.

Windows 7 network selection screen appears and bang firesrv.exe at 100% Vagain.. so for us the patch has not cured anything.

Highlighted
Level 9
Report Inappropriate Content
Message 23 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Are you guys still having the issue ?  I disabled FW and HIPS from ePO until support could look at these machines.  Today when I enable policy on some test machine, the issue will not appear again (go figure). Support wanted some proc and memory dumps.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 24 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Same for us, we received the patch from our local support and tested it on the Seven 64 taht has the trouble.

No change around the CPU trouble. Still at 30% with the Patch 2. If we purge the Hips and then reinstall it in Patch 1 version, no trouble at all

So the hotfix doesn't correct this trouble.

Highlighted
Level 7
Report Inappropriate Content
Message 25 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Hi all,

Does anybody have an (open) case regarding this ? (feel free to PM me the SR number and I'll try to reference them in mine)

@McAfee: Is there a reference to this issue please ? Then we can dig further and resolve this asap.

I don't suppose anybody has some MER logs laying around before/after the install of the Hotfix ? 🙂

Thank you,

Zeb

Highlighted
Level 7
Report Inappropriate Content
Message 26 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Hi all,

we've got an solution to (at least) our problem: for a reason not to mention here, we had Adaptive Mode at enabled state for both HIPS and Firewall. After disabling these, absolutely no symptoms were to notice anymore.

So, our fix was, that we first disabled Adaptive Modes from ePO, enabled McAfee HIP Service, enforced policies, and presto!

What still is left without an answer, is the possible need for the hotfix. Whether it's needed or not, it doesn't cause any harm. Anyway, feel free to try disabling the Adaptive Modes.

Highlighted
Level 13
Report Inappropriate Content
Message 27 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Interesting, we have firewall set to adaptive (IPS enforced) I will give this a try in our environment and see if that helps as well.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 28 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

the same for me. I've desactivated the adaptative mode on the 7 64bits that had the cpu skike and no trouble after installation. But as long as i don't activate the adaptative mode.

Highlighted

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

I guess this also applies to Learn mode as I have the problem with Learn mode rather than adaptive mode. I will try disabling and see as well..

Edit: disabling "Learn Mode" also seems to worked as a workaround.

I sure hope we don't have to wait for Patch 3 for a proper fix for this.

Message was edited by: JeffGerard on 14/11/12 2:28:46 CST PM
Highlighted
Level 10
Report Inappropriate Content
Message 30 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Yes, enabling adaptive mode for any significant length of time can cause severe issues with your deployment. I personally don't recommend using it at all, and instead build your rulesets carefully using alternate methods. Wireshark or Microsoft Network Monitor are excellent tools to use if you are not sure which rules an application needs to operate.

Another example of issues caused by Adaptive Mode is this:

https://kc.mcafee.com/corporate/index?page=content&id=KB71607

Also, in addition to disabling Adaptive Mode, you should also make sure you are not logging for the Firewall traffic that occurs a lot by default. On one of my test policies I had used the Corporate Rules policy and changed the "Untrusted Netbios Traffic" rules to log instead of block. This was causing the Firewall Module to log traffic nearly constantly which filled up the logs much sooner than expected. This caused significant performance issues on the client, and in some cases the firewall seems to have completely stopped logging anything because the file was full (another SR open for why it was not rolling over).

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community