kenobe
Level 10

HIPS Query Showing False Data

Hi all,

I built a simple query to view if HIPS 8 Adaptive Mode is Enabled, for systems that have communicated within the last week.  I got a lot of results for different branches showing Adaptive Mode was Enabled.  I drill down into the columns and the column for IPS Adaptive Mode shows Enabled.  Yet when I drill down into the properties of any of those workstations and view the Products, HIPS 8, I scroll down to IPS Adaptive Mode and it shows DISABLED.  Note - the policies for IPS Options have Adaptive Mode UNCHECKED.

So, why would the query show a false result for thousands of workstations when the policy is set differently?  I could understand if this were one or two systems.

I tried changing the query to show IPS Adaptive Mode Disabled instead and get some results which are accurate.  It's odd that if I filter for Enabled I get inaccurate results.

0 Kudos
4 Replies
evaughn
Level 9

Re: HIPS Query Showing False Data

Is it possibly related to the version of HIPS your systems are running?  For example, are patch 2 systems inaccurate and patch 4 systems report correctly? 

0 Kudos
kenobe
Level 10

Re: HIPS Query Showing False Data

Checked that, all machines are running SP2 for HIPS 8.

0 Kudos
McAfee Employee

Re: HIPS Query Showing False Data

Run the HIPS 8 Property Translator server task manually once (do not Enable; this task is to remain Disabled by design).  See if that fixes it.

0 Kudos
kenobe
Level 10

Re: HIPS Query Showing False Data

Tried that but no difference.

It's odd - if I filter for one sub-branch I get incorrect results.  If I filter for a different sub-branch I get accurate results.

0 Kudos