I have a query showing endpoints that have HIPS 8 installed, and have added some extra columns to show the status of the Firewall, Host IPS, Network IPS and what the policies are that have been applied to each HIPS 8 device.
The issue I have is that out of the 12 devices that we have piloting HIPS, only 2 of the devices show the correct information. The other 10 only show the product version and hotfix / patch level. For the information on the status of Firewall, Host IPS and Network IPS it shows as Unknown, and the name of the applied policy is blank.
I have checked the information in ePO for each device not showing the correct information and they are all reporting correctly, e.g. it shows the applied policy and the actual status of the services. It's just the query not showing the correct information.
Any ideas?
Forgot to say all devices are Windows XP, all running agent 4.5.1852 and all running HIPS 184.108.40.2068
Create a client task within ePO that is an Agent Wakeup. Be sure it has "All properties" selected like this screenshot.
I like to execute this task "at startup" + 10 minutes on all my endpoints. This looks just like a regular wake up call... but it isn't. Try running this task on the endpoints and see if it fixes the issue you are having. Normally this will correct errors with incomplete properties. That sounds like it might be related to your problem. But even if it isn't, this won't actually cause any harm at all.
Message was edited by: petersimmons on 10/9/12 12:08:42 AM EDT
For these pilot systems, were the HIPS modules deployed in the same fashion? Meaning, were they all HIPS 7 systems upgraded to HIPS 8, or were they new systems with HIPS 8 fresh installs? It may not matter, just trying to discern the differences between the ones that work and those that don't work.
Hey Steve, I would check the managed system properties to ensure that there are no recent/excessive sequence errors. If there are recent/excessive sequence errors, I would either do a reinstall of the agent (c:\program files\mcafee\common framework\frminst.exe /forceuninstall) or mark the system as having a duplicate GUID (from the system properties, Actions > Directory Management > Move GUID to duplicate list and delete system). But whether you have sequence errors or not, I would delete the system from the system tree and force the agent to check back in.
Did you ever get this sorted? We're having a similar problem. I have some systems showing status as Disabled or even Unknown when running a query. Yet when I drill down in the system properties from the tree it shows IPS Enabled! I have tried completely removing and reinstalling Agent and HIPS, deleting it from the tree and checking in over and over. No fix. Odd!
I have seen this issue as well during testing of HIPS 8 patch 2. Due to some other issues and the many steps it took to get a stable version of HIPS patch 2, we had to pull back the testing and stay with HIPS patch 1. Now that patch 4 is out, we are starting to test this patch with all our XP, 7 and 8 systems to bring them all to the same level. So far I have not seen this so far <--- keyword.
There was an issue with the HIPS 8 p2 agent plugin which was fixed by patch 4... The other symptom was that you wouldn't see all the HIPS properties locally if you did an about on the agent icon on the local system.