cancel
Showing results for 
Search instead for 
Did you mean: 

Probably a given but...

Jump to solution

Hello,

I had a question regarding HIPS 8 on systems running IIS v7. What are the security implications if the ISAPI extensions are removed from the application.config file? Will this effectively remove HIPS 8's ability to filter http requests on a system? It seems like that is what it seems like but I just wanted clarification as I suspect someone may have made this change in our enterprise as a "fix" for a corrupt or missing .dll and am curious as to the impact it. Thank you very much!

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Probably a given but...

Jump to solution

Removing the ISAPI extension will affect the HIPS/IIS integration (as you stated), but for troubleshooting, it would be better to disable the HTTP engine in HIPS, rather than remove the extension from IIS.

6 Replies
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 7

Re: Probably a given but...

Jump to solution

I think you'll get a quicker answer in the HIP section so have moved it there.

Reliable Contributor greatscott
Reliable Contributor
Report Inappropriate Content
Message 3 of 7

Re: Probably a given but...

Jump to solution

I think we had the same issue. We essentially had to disable the HTTP engine within the HIPS Client UI policy because it was disrupting web services on the IIS server. I think the dll was missing and we were unable to filter HTTP correctly.

Re: Probably a given but...

Jump to solution

Yes, the missing dll was causing application pools to become disabled. Instead of repairing the application, the "fix" essentially removes any capability for HIPS to filter http requests as I understand it. I'm hoping I'll get some validation from this post but it's reassurring to see I am not the only one with an issue like this. Thanks for the reply!

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Probably a given but...

Jump to solution

Removing the ISAPI extension will affect the HIPS/IIS integration (as you stated), but for troubleshooting, it would be better to disable the HTTP engine in HIPS, rather than remove the extension from IIS.

Re: Probably a given but...

Jump to solution

To clarify, by removing ISAPI extensions, I mean by following the procedure here: https://kc.mcafee.com/corporate/index?page=content&id=KB72677&actp=LIST. I just want to be sure we are referring to the same procedure. I believe there may be some confusion and belief that the ISAPI extensions are legacy and not actually part of HIPS 8 and further. I'd like to clear up this misunderstanding if possible. I can create an additional discussion if that seems like a good idea. Thank you.

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: Probably a given but...

Jump to solution

That KB articles refers to the ISAPI extension not being removed after HIPS 8 is uninstalled.  Manually modifying the file to remove the leftover extension.

If HIPS 8 is installed, then you wouldn't follow the KB article.  You would modify the HIPS 8 General: ClientUI policy, and in the Troubleshooting tab, you would disable the HTTP engine.  This prevents HIPS enabling the HTTP engine functionality for IIS and Apache servers (not typically something you should do without contacting McAfee Support first, if there is some issue you're seeing with HIPS & IIS/Apache).

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.