I built a simple query to view if HIPS 8 Adaptive Mode is Enabled, for systems that have communiicated within the last week. I got alot of results for different branches showing Adaptive mode was Enabled. I drirll down into the columns and the column for IPS Adaptive Mode showw Enabled. Yet when I drill down into the properlies of any of those workstations and view the Products, HIPS 8, I scroll down to IPS Adaptive Mode and it shows DISABLED. Note - the policies for IPS Options have Adaptive Mode UNCHECKED.
So, why would the query show a false result for thousands of workstations when the policy is set different? I could understand if this were one or two systems.
I tried changing the query to show IPS Adaptive Mode Disabled instead and get some results which are accurate. It's odd that if I filter for Enabled I get inaccurate results.
Is it possibly related to the version of HIPS your systems are running? For example, are patch 2 systems inaccurate and patch 4 systems report correctly?
Run the HIPS 8 Property Translator server task manually once (do not Enable; this task is to remain Disabled by design). See if that fixes it.
Tried that but no difference.
It's odd - if I filter for one sub-branch I get incorrect results. If I filter for a different sub-branch I get accurate results.