cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Re: How to test HIPS

As stated earlier, this seems to work like a dream with a Windows 7 Client.  Unfortunately it reports nothing with XP.

I spent too much time at testing/implementing HIPS and came to the conclusions that it simply isn't worth it  unless you can spend 24/7 working on it.  I find there is a lack of documentation compared to other McAfee products and also a lack of updates and support for different Network Adapters.  The only place I was ever able to get help was here on these forums, and hips forum can sometimes not get activity for days.

Are there any plans for HIPS 9 anyone know, may give it a go again if it comes out.

Highlighted

Re: How to test HIPS

Its been a while for this thread, but run into a similar situation myself recently.

From my perspective, notepad.com.exe does work with respect to firing the signature*, however (and I dont believe this is a HIPS issue, but have not fully tested yet), with a relevant exception configured, notepad still does not open (although the error message advising access is denied does not present, meaning that the exception has been picked up).

What I have found works cleanly is testing via a self extracting exe created by McAfee Endpoint Encryption for Files and Folders.  A simple text file HIPStest.txt used to create HIPStest.txt.exe will trigger the sig, and when an exception is configured, the extractor will prompt you for the extracting password as expected.  EEFF isnt needed, as I have also tested with a 7zip SFZ archive in the same manner.

*Works on both a Win7 and XP SP3 VM.  Note that on XP SP3, notepad actually opens when the exception is in place.  On Win7, it does not (see above). 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 23 of 29

Re: How to test HIPS

Putty works as well.  I test with putty.com.exe, which will open with an IPS exception.

Highlighted

Re: How to test HIPS

may run into some inconsistency with 413, as the signature does not detect ALL double file extension types. for example it may detect test.com.exe, but might not detect test.dll.exe. its based on a list of double file extentions that mcafee has defined within 413.

Highlighted

Re: How to test HIPS

Cheers Greatscott 🙂

And cheers Kary! - Not sure if you know straight off, but does putty.com.exe actually open putty (when a relevant exception is configured)?  Main reason I ask, is that as per above, if I try with notepad (with an exception configured), notepad doesnt actually open.  May be a Windows thing?  My test with a self extracting exe (named as required) works perfectly for demonstration purposes.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 26 of 29

Re: How to test HIPS

Yes, putty.com.exe will open properly (same as putty.exe).  I see the same thing with Notepad.com.exe, as well.

Highlighted

Re: How to test HIPS

Interesting!  Tis a vanilla build, so something wierd must be happening on my side!  Ah well, I think this post covers a multitude of options for people to test which can only be a good thing 🙂

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 28 of 29

Re: How to test HIPS

To clarify, notepad.exe runs fine, but copying/rename notepad.exe to notepad.com.exe does NOT open fine.  Not sure why.  Putty.exe renamed to putty.com.exe runs fine.

Highlighted

Re: How to test HIPS

Ambiguities of the English language!  Cheers for confirming Kary

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community