
Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Although I agree disabling learn/adaptive in your production ruleset is recommended, we should not have to resort to using 3rd party tools such as Wireshark or Netmon. These learn modes are specifically for this purpose - to learn and create rules properly, allowing granularity with signer signatures if needed.

In my environment I normally have learn disabled, however, for a select few tech users, I enable it for the purpose of picking up rules that need to be added to the prod policy. This is not possible with P2 as I simply cannot run it in this mode.


Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

We have the same problem after upgrading to Patch 2. Why release a Patch 2 that makes everything worse?

We have to use adaptive mode because of a Juniper client installer that updates the laptops automatically. This is so irresponsible, a shame our enterprise uses these crappy products. (And btw: the tray icon also takes miiinutes to appear...)

Edit: the firesvc process takes 1 whole CPU core if you have a dual- or quad-core computer.

Message was edited by: phreeze on 2/28/13 7:14:51 AM CST
Message 33 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

phreeze,

A week ago we got a well-working hotfix for this patch. It finally only took half a year to develop a not-that-buggy POC version of it, though.

Anyway, as it has been released (see https://kc.mcafee.com/corporate/index?page=content&id=KB74505), you would need to raise a service request to McAfee Support and ask for the hotfix.

Message 34 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Have you seen this KB article? https://kc.mcafee.com/corporate/index?page=content&id=KB71230 I plan to test it in my environment and see what happens.

The McAfee default HIPS firewall policy is nothing like my current policy, think it's because my current policy is an upgrade from 7 rather than starting new.

Glad to hear it's not just me having fun with Juniper...


Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

I've seen it, but I haven't got this problem.

My firesvc log doesn't contain any blocked connection. I didn't configure any blocks besides the standard rules, either.

Message 36 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

I entered a ticket for that POC... don't seem very keen to give it to me without a MER and print screen of one of the errors.

Going to do some testing with that loopback rule and see if that improves VPN connectivity and performance for the systems that were facing it.


Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Yes, they always want a MER report, which often says nothing...

I had a problem with a Kingston encrypted drive and an HP laptop which had a BitLocker-encrypted C: partition, and only that C: partition. With the HIP firewall on, the Kingston stick wasn't detected anymore after replugging it (only after a dirty remove of the USB stick was it redetected. By using shutdown the Kingston tool, the drive wasn't detected anymore because Windows couldn't load/unload the driver...)

I've opened a ticket too. I hope they don't want a MER report, because I have to add policies in EPO again, which is a pain...

Message 38 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Yeah, my response was that all of their KB articles mention to try this hotfix rollup, but they would rather I apply policies to a machine to break it just to run an MER... How is that a good use of anyone's time!


Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Just to note: we got the patch and it solved the firewall CPU problem. I wonder why we have to ask support and why they do not release it as is...

Message 40 of 44

Re: HIPS 8 PATCH 2 (8.0.0.2151) firesvc.exe (CPU30 %) and blocked connection & client freeze

Does someone know when the hotfix mentioned in this post (Host Intrusion Prevention 8.0.0 Patch 2 Hotfix Rollup 803520) will be public and seen in the EPO software manager module?
