cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Patch 14 fix HIPS-992 Serious issue

Not so much a question but an entry for the community. This appears to be a very serious bug. I discovered it on my machine only when I noticed that HIPS was fully disabled. There is nothing in ePO to suggest the machine may be in this state. Support cannot tell me (yet) what the scope of the issue is and are simply suggesting I push patch 14 globally. The only way we can identify the issue at the moment is via entry in local firesvc.log:

2020 15:25:38.884 FireCore.cpp[4352]    VERBOSE  (11992) << isFireCoreAvailable() - result = 0.

I am considering trying to parse that file on each machine for an error whilst hoping that support will come up with something better.

Also note that there appears to be nothing more about the issue in KB. Some of the other issues addressed in the patch also look rather serious. Scary. Why would I rush out a patch when the last one has done this much damage? Small wonder it was delayed...............

https://docs.mcafee.com/bundle/host-intrusion-prevention-v8-0-14-release-notes/resource/prod-host-in...

2 Replies
theglot
Level 11
Report Inappropriate Content
Message 2 of 3

Re: Patch 14 fix HIPS-992 Serious issue

Note if you have ENS this happen but only if you don't have the full suite installed.  Issue with SYSCORE.

Patch 14 fixes the SYSCORE.   But keep an eye out for broken sessions.

Re: Patch 14 fix HIPS-992 Serious issue

Sort of. The issue actually seems to be that a higher version of syscore is installed than the product you have just installed. In this instance I had installed HIPSP14 and then removed HIPS and installed HIPSP13. Indeed, upgrading to P14 fixed this, but the underlying concern is that there was no way to identify systems in such state from ePO. I suppose one could run a a query on 'Systemore Version', but we are not using ENS and that field does not work. I guess I can get the systemcore from the registry and use that either in SIR or by populating a custom field, but that is messy and probably not worth it.

I say 'probably', but imagine if you found a nasty bug in P14 and decided to downgrade all systems back to P13. Hopefully someone would notice quickly!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community