cancel
Showing results for 
Search instead for 
Did you mean: 
gng4life
Level 7

Host IPS 8.0 Blocking Juniper NSM Client - Exception Not Working

Hello All,

I am working on policies for the HIPS module and I found that the Host IPS 8.0.0.2482 is blocking the Juniper Network and Security Manager (NSM).  The error comes up as the the Java launcher can't be created.  As soon as I disable only the IPS function, it opens instantly.  I put it in adaptive mode and it is still blocked and there are no exceptions that show up.  I put it in Learn mode, there are no prompts about allowing the application.  I attempted to make my own exception and to make it a whitelisted/trusted application but no luck.  I did a search through the signatures and looked for anything related to Java and tried to disable them to find the exact signature but no luck there either.  Of course I searched for an signature related to NSM and nothing came up.  I started looking through all the logs - Windows Event Viewer, agent log, orion log, HIPS 8 reporting, querying for events, etc. and nothing!  There was nothing in any log I could find that showed this being blocked.  The only thing that would work sometimes is if I created a local client exception on the host and it would work about half of the time - go figure??  After a policy enforcement, it would disappear and not be incorporated into the signature exceptions in the policy on the server.  I checked allow client exceptions and still no luck.  I recreated my exceptions again but still no luck.  Please help - any other suggestions?

Server - Win2K8 R2, VM

McAfee ePO 4.6.7,

Client - Win2K8 R2 and Win7, VM

HIPS 8.0.0.2482

Thanks!

0 Kudos
1 Reply
fuzziest
Level 9

Re: Host IPS 8.0 Blocking Juniper NSM Client - Exception Not Working

I had the same problem launching a java application that uses JNLP to launch the program. I kept getting an unable to create virtual machine error. What I ended up having to do was to exclude javaw.exe from the Application Protection Rules on my IPS Rules policy. Which is not good because now it leaves javaw.exe vulnerable. But at least the application will start successfully.

EDIT:

This was the problem I was having:

https://community.mcafee.com/message/331941

Message was edited by: fuzziest on 6/30/14 4:53:56 AM HST
0 Kudos