I just want to know what causes above error when trying to upgrade HIPS from v7.0 to v8.0. I am attaching a copy of logfile of 1 affected machine that might help isolate the issue.
Thanks in advance...
MSI 1603 is a generic "failure".
Here is the cause:
InstallShield 9:26:50: Invoking script function HIP7_CheckProtectMode
CALog (09:26:50): Unable to write to C:\Program Files (x86)\McAfee\Host Intrusion Prevention\
CALog (09:26:50): Product is in self-protect mode. Please disable self-protect mode before installing.
MSI (s) (A0:F8) [09:26:50:257]: Product: McAfee Host Intrusion Prevention -- Installation operation failed.
If doing local installs of HIPS, you will need to disable the Host IPS module first (Step#1 of KB73127 - MSIEXEC uninstall commands for Host Intrusion Prevention 7.0/8.0), but since you deployed via ePO, this shouldn't be necessary. Make sure you have the right "McAfee Default" policies in place though. This might be why the ePO deployment failed.
PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide
Policies and their categories
Policyinformation for Host Intrusion Prevention is grouped by feature and category.Each policy
categoryrefers to a specific subset of policies.
Apolicy is a configured group of settings for a specific purpose. You cancreate, modify, or
deleteas many policies as needed.
Eachpolicy has a preconfigured McAfee Default policy, which cannot beedited or deleted.
Exceptfor IPS Rules and Trusted Applications, all policies also have an editable MyDefault
policybased on the default policy. Some policy categories include several read-onlypreconfigured
policies.If these preconfigured policies meet your needs, you can apply any one of them.These
read-onlypolicies, like all policies, can be duplicated and the duplicate customized, ifneeded.
IPSRules and Trusted Applications policies are multiple-instance policies becauseyou can assign
multiplepolicy instances under a single policy. The policy instances are automaticallycombined
intoone effective policy.
TIP: The McAfee Default policies for IPS Rules and TrustedApplications are automatically
updated as part of thecontent update process. McAfee recommends always assigning these
policies to all clientsand creating additional policy instances to customize the behavior of these