Can anyone help me with the below threat event?
Event Category: Policy Load Status
KB84505 - Either the client-side default firewall policy or an incomplete set of firewall rules are enforced on Host IPS clients
PD25972 - Host Intrusion Prevention 8.0 Patch 6 Software for Windows Release Notes
This release includes a new policy failover mechanism, which results in enhanced reliability. If the McAfee Host IPS LPC service receives invalid or incomplete policies from McAfee Agent, it now rejects and doesn't enforce these policies. When such anomalies occur, McAfee Host IPS sends events to McAfee ePO. For more information, see KnowledgeBase article KB85187.
KB85187 - Host IPS 8.0 Patch 6 for Windows: Policy failover feature
Thanks Kary, but I want to know what I should do when I get these events. If I am wrong then kindly correct me, but in the KB you only get information about what this event is about, not any solution / workaround.
From a HIPS perspective, there is nothing you can do. The fault lies with the McAfee Agent/ePO/Agent Handler. You may not need to do anything. On the next ASCI, the Agent will communicate again to the ePO server/Agent Handler and will probably pull down a non-corrupt policy.
The HIPS event notification only exists to inform you that the HIPS engine refused to enforce an invalid policy; when it gets a valid policy it will enforce it.