Plan to roll out patch 7 to about 200 machines. However I have found with early testing that the install drops the network connection. I have read the Mcafee KB59945 and it basically says that this is how it is.
Just wondering since the KB if there is a work around as all our users are Citrix based so need to make sure the connection does not drop.
Any ideas / work arounds ?
I am in the same situation. I have ~15000 nodes that will need to get updated with the HIPS 7 patch and was told by McAfee the following:
The HIP 7.0 firewall NDIS intermediate miniport filter is based on NDIS 5.0 spec. Basically when any 5.0 NDIS driver install or uninstall occurs, the operating system must tear down the network stack and restack it with the new NDIS driver.
The HIP 8.0 product will be built on NDIS 6.0 spec which adds the functionality of 'state' awareness for NDIS drivers.
So, any 6.0 spec NDIS can be "paused" or "resumed" during anothers' install or uninstall.
Hence, the network stack does not need to be torn down by the operating system and now loss of network connectivity will occur. 8.0 will ship in Q310.
However to upgrade to HIPS 8.0 from 7.0 it will still drop the network connection. I have not found a work around for this yet so I would be interested in seeing if anyone has as well.
You can reference KB59945.
Also, it's true that HIP 8.0 will be based on NDIS 6.0 which added 2 new filter states; Pause & Resume.
If you are installing/uninstalling NDIS 6.0 filters on a system that only has NDIS 6.0 on it, the network stack does not need to be torn down to relayer the network driver shims. They would simpley be paused and resumed.
However, when you go to upgrade an existing HIP 7 system, the uninstall of the HIP 7 NDIS will cause the stack to be torn down.
Thanks all, so bottom line is that with the current HIPs version 7 I'm pretty stuffed ?
Version 8, whenever that will be released will 'fix' this issue ?
HIP 8.0 will resolve the issue because it is based on NDIS 6.0.
However, the uninstall of HIP 7.0 NDIS driver will still drop the stack momentarily.
Going forward from HIP 8.0, this will not occur again.
This is news to me, I wasn't aware of KB59945 (https://kc.mcafee.com/corporate/index?page=content&id=KB59945 I put the reference here because I didn't find it earlier.
Does this mean that whenever one installs HIPS 7 (using Patch 6 presently) the system needs to reboot ?
We had a policy here that HIPS (and VSE) would be reinstalled on systems (through client tasks) several times a day. This is to compensate for cases where a user having admin rights "accidentally" removes HIPS or VSE . It's worked fine for the past 3-5 years (I've only been here for 2 years).
We use mostly Win XP SP 3 and some Vista for now but the trend is moving towards Windows 7 (test phase).
Up until recently (DFW through HIPS 7 through to HIPS 7 patch 6) we didn't have too much problems, but this month, we started getting calls from users complaining that on some system they'd lose the network as soon as HIPS gets installed.
Since all problems happened on newer Windows 7 systems I thought there might be a compatibility issue with Windows 7.
Could someone confirm that my problems have been due to the issue discussed here and related to KB59945?
 Note: I have been thinking of replacing this by a task that installs VSE resp. HIPS once a day at boot time. It wouldn't change a thing to the problem at hand, now.Message was edited by: Serge M. : added specification on our patch level on 6/1/10 10:07:24 AM CEST
No, not reboot.
There is only a momentary loss of network stack while Windows is re-shimming the NDIS 5.0 drivers to the network interfaces.