As stated earlier, this seems to work like a dream with a Windows 7 Client. Unfortunately it reports nothing with XP.
I spent too much time testing/implementing HIPS and came to the conclusion that it simply isn't worth it unless you can spend 24/7 working on it. I find there is a lack of documentation compared to other McAfee products and also a lack of updates and support for different network adapters. The only place I was ever able to get help was here on these forums, and the HIPS forum can sometimes not get activity for days.
Are there any plans for HIPS 9, anyone know? I may give it a go again if it comes out.
It's been a while for this thread, but I've run into a similar situation myself recently.
From my perspective, notepad.com.exe does work with respect to firing the signature*; however (and I don't believe this is a HIPS issue, but have not fully tested yet), with a relevant exception configured, notepad still does not open (although the error message advising access is denied does not present, meaning that the exception has been picked up).
What I have found works cleanly is testing via a self-extracting exe created by McAfee Endpoint Encryption for Files and Folders. A simple text file HIPStest.txt used to create HIPStest.txt.exe will trigger the sig, and when an exception is configured, the extractor will prompt you for the extracting password as expected. EEFF isn't needed, as I have also tested with a 7zip SFX archive in the same manner.
*Works on both a Win7 and XP SP3 VM. Note that on XP SP3, notepad actually opens when the exception is in place. On Win7, it does not (see above).
You may run into some inconsistency with 413, as the signature does not detect ALL double file extension types. For example, it may detect test.com.exe, but might not detect test.dll.exe. It's based on a list of double file extensions that McAfee has defined within 413.
Cheers Greatscott 🙂
And cheers Kary! - Not sure if you know straight off, but does putty.com.exe actually open putty (when a relevant exception is configured)? Main reason I ask is that, as per above, if I try with notepad (with an exception configured), notepad doesn't actually open. May be a Windows thing? My test with a self-extracting exe (named as required) works perfectly for demonstration purposes.