McAfee Agent 4.5
HIPS 7 Patch 8
Windows XP SP3
I read somewhere that it's possible to use a script to retrieve HIPS firewall event logs from client computers. Currently, the only way to view these logs is from the local HIPS local console on the workstation. Anyone know where I can find said script? I want to be able to log onto the ePO server and view events that the HIPS firewall is blocking on any given workstation.
Thanks for the reply. I am well familiar with the ClientControl utility, but I would like to be able to do this via ePO.
I have a timed group in my FW rule set. It allows HTTP/HTTPS for 10 min. I would like to know if users are using this and if so how many times. That way I can determine if a user is simply resetting the timed group so they can access the internet openly and access sites they should not be
Yes, there is a ClientControl utility for Host IPS 7.0 (downloaded from the McAfee Download site). The Client Control tool does not pull Host IPS log files remotely though. It can, however, "Export the activity log to a formatted text file", if you are locally/remotely logged into that system.
Exporting the Host IPS Activity Log to a text file.
1. Open a command shell.
2. Run clientcontrol.exe /export <path of export file>
3. Copy the exported log file to another computer for collection, analysis, etc.
May I get some clarification, please?
You say it does not pull the Host IPS log files remotely, but then go on to say it can export the activity log to a text file if you are logged in locally / REMOTELY. Will you explain what the difference is, as you meant it?
If you RDP to a system (remotely logged in), you can run the ClientControl tool locally on that system to export the Activity log. You cannot, however, run the ClientControl utility on your system to remotely connect to a remote host to "pull" the Activity log.
The ClientControl tool must be run on the local system to export the log file. This also does not export any information to the ePO server.