Hi I'm trying to get the HIPS firewall up and running and I have recently run into this problem. I added a new group of machines to my test group, and all of a sudden I stopped getting any info from HIPS in EPO at all. No client rules, no client info or version, nothing. I've got a call in to support but after 2 weeks the best they can tell me is that patch 1 will fix it. I think I've narrowed down the problem at this point to a bad signer record being read, as I get this message in my orion.log every time the Property translator tries to run:
Host IPS 8.0 Property Translator] failed with exception
java.util.concurrent.ExecutionException: com.mcafee.orion.core.cmd.CommandException: signerName cannot be parsed as a Distinguised Name
Caused by: java.lang.IllegalArgumentException: improperly specified input name: CN=Stardock Corporation, O=Stardock Corporation, STREET=15090 N Beck Road Ste 300, L=Plymouth, S=MI, PostalCode=48170, C=US
Caused by: java.io.IOException: Invalid keyword "POSTALCODE"
I've tried the advice in KB71520, which said to remove the bad client rule, which I did by both turning off adaptive mode on the only 2 machines that have the offending software signature and by turning off "retain cleint rules" for the whole group, but I still get the same error.
Does anyone know a fix for this other than "wait for the patch"?
I previously spoke with Stardock about this issue, POSTALCODE is a non-standard keyword within the certificate signer (based on http://www.ietf.org/rfc/rfc1779.txt)
Figure 1: BNF Grammar for Distinguished Name
Key Attribute (X.520 keys)
Table 1: Standardised Keywords
At that time, thier certificates were issued by Comodo and I was under the impression they were going to talk to them about the issue. If they have, then it might be possible to simply install the latest version of which ever Stardock application you are using.