cancel
Showing results for 
Search instead for 
Did you mean: 

HIPS Error "Failed to normalize signer"

Jump to solution

I'm having an issue on a couple of my physical machines and HIPs. One of the machines is a domain controller and when HIPs is enabled and running i'm not able to login, logout or reboot the machine. It hangs on please wait while notifying event service or something like that.  I noticed in the log i get the following error:

"ERROR normalizeSigner() - Failed to normalize signer ="*"

I think i have received that error before, or at least it looks familiar, I think the issue was because i had set "Signer" to "Allow any signature" on my firewall rules. I've went back and looked and cant find that set on any applications. I'm about to go back and review settings that McAfee adds by default (just incase someone accidently changed those). Other than that i'm out of ideas.

Any thoughts?

1 Solution

Accepted Solutions

Re: HIPS Error "Failed to normalize signer"

Jump to solution

I'm not at patch level 2. I just found the policy that was causing this issue, i turned on debug logging which help find the IPS policy

4 Replies
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: HIPS Error "Failed to normalize signer"

Jump to solution

Are you running HIPS 8.0 Patch 2 (build 8.0.0.2151) or higher?  This was resolved in Patch 2.

PD23957 - Host Intrusion Prevention 8.0 Patch 2 Release Notes

5. Issue: Firewall rule does not trigger when using the "Allow any signature" option. (Reference: 695368)

Resolution: Fixed the digital signature-matching logic.

Re: HIPS Error "Failed to normalize signer"

Jump to solution

I'm not at patch level 2. I just found the policy that was causing this issue, i turned on debug logging which help find the IPS policy

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: HIPS Error "Failed to normalize signer"

Jump to solution

You can export the HIPS policy and view it with an editor to look for the APPSIGNER entry where the value is set to *.  That should give you the specific rule name to go edit in your policy and correct.

<Setting name="+AppSigner#0" value="*" />

Re: HIPS Error "Failed to normalize signer"

Jump to solution

You should also be able to go to the machine and use the ClientControl.exe /exportconfig 3....etc to get a view of the exceptions.

You may also find some useful info using the clientcontrol.exe /log option to get some useful logs in C:\Users\All Users\McAfee\Host Intrusion Prevention folder.

Of course, I also see that my HIPS exceptions are on the computer, but it is still popping...so that is a new mystery.

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.