Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 2

Host Intrusion Prevention 6.1 Agent has been reposted to include patch 3

Host Intrusion Prevention 6.1 Agent has been reposted to include patch 3 in the package.

Refer KB613990


Issue: (Reference: 350239)
Host IPS 6.1 agent version does not display
correctly in ePO reports or product properties
with Patch 1 applied.
The version reporting for patches has been
redesigned. Host IPS version reporting now includes
the build number in the product About boxes and in
ePolicy Orchestrator properties and reporting.

Issue: (Reference: 348379)
The firewall blocks traffic when the application
is located in a NTFS-mounted folder.
The firewall was unable to resolve the correct
pathname of the application on a mounted partition.
The path logic was modified to determine
the correct path.

Issue: (Reference: 338332)
Data not available for SQL triggers with comments.
The Host IPS client discarded details when the contents of
IPS events were too large. The event handling was
modified so sections are now truncated instead of

Issue: (Reference: 347352)
Host IPS About box reports while the ePolicy
Orchestrator Agent reports Host IPS
Host IPS components used different methods previously
to report builds and versions. The Host IPS About box
and ePolicy Orchetrator Agent About list both now use
the same registry value for reporting builds and

Issue: (Reference: 347342)
Using * as a wildcard in the file name of an
Application Blocking rule does not work correctly.
The Application Blocking file name * wildcard only
worked when the asterisk was placed at the beginning
of the file name. The wildcard handling was updated
so the asterisk will also work in the middle and end
of an Application Blocking file name.

Issue: (Reference: 356345, 356349)
Host IPS policies are not applied to client
systems with non-administrator users logged on.
Host IPS policies on all Windows-authenticated
users allow modification to Host IPS registry keys.

Issue: (Reference: 359709)
ProE application load time slowed when Host IPS and
Firewall are disabled.
Unnecessary hashing caused long loading delays for
remote applications. The remote hashing procedure is
now disabled if the Firewall is disabled.

Issue: (Reference: 360814)
FTP commands do not work when Host IPS service is
disabled and the Firewall module deactivated.
The firewall driver becomes locked down, as a
security feature, when the Host IPS service is
disabled. The firewall driver now detects when the
Host IPS service shuts down and places itself into
a pass-through state if the firewall module is

Issue (Reference: 346561, 341544, 350245, 355395,
The FireSvc.exe process maintained an elevated
level of CPU Usage.
FireSvc threads were unable to access a corrupted
internal data structure. Synchronization and
locking methods now protect the data structure and
exception handling was improved.

Issue (Reference: 327209, 335830)
The Explorer.exe process fails at system startup
and causes a blank desktop.
A conflict occurred between the IPS and Application
Blocking features. A synchronization mechanism has
been added between IPS process monitoring and
Application Blocking to provide dependable process

Issue: (Reference: 339694)
Firewall allow rules in a Connection Aware
Group do not permit communication with an
ActiveSync device.
The long delay that prevented the firewall from
receiving the IP address of an ActiveSync device
has been resolved.

Issue: (Reference: 334683)
Application Blocking protection prevents running
an SMS script from a UNC path despite a rule
allowing the script execution.
The parent process maintained an exclusive lock
on the script file, which prevented the Host IPS
client from reading the file for file hashing.
The Host IPS client has been updated to allow
application execution when the application is
included in a path-only rule.

1 Reply
Level 7
Report Inappropriate Content
Message 2 of 2


Yes! A build release with patch built in! Yes! Yes but.... does anyone have the ENGLISH translation for the install notes? I'm confused as the notes are 90% about Patch 3 standalone?

  1. When the install references "patch 3" are they talking about Build 506 which I've downloaded (HIPS with Patch 3 built in) or are they just left over from a cut n paste job?
  2. Does Build 506 require a reboot, or just patch 3 per the install notes?
  3. If so does Build 506 require a reboot only when upgrading or also for 1st time install?
  4. Is a reboot required when upgrading p1 or p2 clients?
  5. Why would I keep Patch 3 in the repository if Build 506 updates all post p3 6.1 installs?
  6. Why are there instructions to run "McAfeeHIP_ClientPatch3.exe" when it's not in the download and it's not relevant to the download?
  7. Will my clients see "Service Error #31" with Build 506 or just with Patch 3?
  8. If I don't check "notify of reboot" will the system silently reboot without notice or will it wait for the user to reboot?
  9. AND most critical of all WTH is the final note about? Patch 3, Build 506?? TWO Reboots? Does the app reboot, the user. What?[LIST=1]
  10. Issue: (Reference: 328407)
    Firewall rules within a Connection Aware Group
    are promoted to root level upon initial Host IPS client installation.
    Fixed a caching issue in the Host IPS ePolicy
    Orchestrator plug-in.

Host IPS Client 6.1.0 Patch 3 will update a client
containing Host IPS Client 6.1.0 (Build 506) or
later. It will not update a previous version.
Patch 3 is language independent and will update
English and non-English systems.

An administrator can install this release by
adding the package to the ePolicy Orchestrator
repository for deployment via an ePolicy
Orchestrator agent Update task.

Note: New Host IPS client installations deployed
using ePolicy Orchestrator, will automatically
receive Patch 3 if Patch 3 is checked in to the
ePolicy Orchestrator repository.

Patch 3 can also be installed locally by running
the patch binary on the target system.
1. Disable the Host IPS protection from ePolicy
Orchestrator or the local client UI.
2. Run McAfeeHIP_ClientPatch3.exe
3. Enable Host IPS protection
4. Restart the system

Patch 3 requires a reboot to complete installation
for Host IPS Client 6.1.0 (pre-Patch 1) systems.
Systems upgraded through ePolicy Orchestrator, with
the user logged in, will prompt for reboot if the
"Prompt user when software installation requires
reboot" option is selected in the ePolicy Orchestrator
Agent software configuration settings. ePolicy
Orchestrator upgrades, with no user logged in, or local
upgrades performed using third party tools such
as SMS, will not prompt for a reboot. If deploying
Patch 3 via a third party application, force a
reboot after installation. The ePolicy Orchestrator
Agent will not update any other product or DAT until
the required system restart occurs.

Systems running at least HIP Client 6.1.0 Patch 1
do not require a reboot after applying Patch 3.

On the first restart after the Patch 3 install,
the Host IPS client Activity Log may display the
following message:
"Service Error #31"
This is a benign message and does not impact the
Host IPS client operation.

Note: Systems which require a fix for issue
328407 may need a second reboot reload the drivers
replaced during systems startup.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community