cancel
Showing results for 
Search instead for 
Did you mean: 
Dvanmeter
Level 9

Prevent HIPS service from being disabled

Jump to solution

Where is the policy to prevent the McAfee Host Intrusion Prevention Service (entercept) service from being disabled and also the McAfee Host Intrusion Prevention lpc Service.  I notice the Firewall portion is blocked from tampering but not the other two

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Prevent HIPS service from being disabled

Jump to solution

1. Ensure the Host IPS module is enabled via policy.

2. Ensure you have the "McAfee Default" policy assigned to HIPS 8.0 IPS Rules and Trusted Applications policy assignments, in addition to custom policies.

3. Ensure you have the Protection Policy set to HIGH: PREVENT mode.

4. In the IPS Rules policy, ensue that Signatures 1000-1003 are set to HIGH severity.

5. Ensure you don' thave any IPS exceptions for Signature 1000-1003.

With the above set, you should not be able to stop the HIPS services (LPC and Host Intrusion Prevention, specifically), regardless if you have admin rights to the system.  If you have debug logging enabled, the Hipshield.log file should record Sig 1000 event violations if you try to stop the services.

0 Kudos
3 Replies
McAfee Employee

Re: Prevent HIPS service from being disabled

Jump to solution

1. Ensure the Host IPS module is enabled via policy.

2. Ensure you have the "McAfee Default" policy assigned to HIPS 8.0 IPS Rules and Trusted Applications policy assignments, in addition to custom policies.

3. Ensure you have the Protection Policy set to HIGH: PREVENT mode.

4. In the IPS Rules policy, ensue that Signatures 1000-1003 are set to HIGH severity.

5. Ensure you don' thave any IPS exceptions for Signature 1000-1003.

With the above set, you should not be able to stop the HIPS services (LPC and Host Intrusion Prevention, specifically), regardless if you have admin rights to the system.  If you have debug logging enabled, the Hipshield.log file should record Sig 1000 event violations if you try to stop the services.

0 Kudos
Dvanmeter
Level 9

Re: Prevent HIPS service from being disabled

Jump to solution

ok, thank you for the reply.  I thought those had to do with the mcafee agent, not HIPS.  I will test it out

0 Kudos
Dvanmeter
Level 9

Re: Prevent HIPS service from being disabled

Jump to solution

yes, that did the trick. Thank you.

0 Kudos