Is there a way to purge all Client Rules from ePO? I have created all firewall rules in ePO then manually cleared out all Dynamically Created rules from an endpoint. I have also unchecked the "Don't retain client rules" section. Then run a Collect and Send Props. After that run a Host IPS 8.0 Property Translator and waited overnight. The rules are not disapperaring from the Client Side Rules section in ePO. The machine in question shows over 630 Client Side Rules in ePO, however the endpoint shows none. I would like to clear out all ePO Client Rules then the machines will re-send all rules that are created dynamically after that.
There is no way to manually delete them from ePO. You must clean out the client data and update the ePO node properties, and use the HIPS Property Translator task to add/delete from the Client Rules menu. The client rules must be cleared in this order.
Client -> ePO Node properties -> HIPS Property Translator task -> HIPS client rules menu & tables
Thanks Kary, Can you tell me how to get into the ePO Node Properties? :-) I've never been in that section before. I did see from another thread you said it was in the DB.
Can you tell me how to get into the ePO Node Properties?
In the ePO Console, click on the System Tree. Under any groups, find the System Name (i.e., ePO Node) and click on the node. This will take you to the system properties of that machine, which gives you all the details of what products are installed, versions, etc. Click on the Products tab and then the Host Intrusion Prevention product to see the product properties of that system.
I was able to find that section. There are Local Exceptions 61-96 in there and Local exception rule count =36. I checked the endpoint and there aren't any dynamic rules.