Good day all. I am looking for a way to remotely present the HIPS GUI with the unlock password and temporarily disable both Host and Network IPS.
We have several McAfee agents that are the correct versions for our installation (184.108.40.2060), but are being read as rogues because we forgot to clear the GUID out of the registry when we made the ghost image. We need to delete the agent registry key so that when the agent enforces policies, it generates a new GUID. Unfortunately, HIPS is hiding the key, and it isn't managed, so we can't turn it off remotely. We can remote desktop into the box, disable HIPS through the GUI, and then delete the key and enforce the policies, which works great. However, we have about 140 boxes, and one at a time is too time-consuming. We can script the key deletion and the McAfee agent policy enforcement part, but we haven't been able to figure out how to get the HIPS part scripted. Any help would be appreciated!
Version number: 220.127.116.110
Host Intrusion Prevention 7.0.0
Version number: 18.104.22.1680
Are you sure it's HIPS you need to disable? Or do you need to go to the VirusScan Console and uncheck the 2 boxes inside Access Protection? That is what I would think is stopping a remote registry deletion.
The client control utility should be on the download site if you need it.
Yes, it is HIPS. As I posted in my OP, when I disable both host and network IPS, I can do what I need to do.
Also, I've looked over the download site (although I can't log in as our enterprise account due to their slackness) and it isn't where I can find it.
I can download it from:
McAfee Total Protection for Endpoint
Host Intrusion Prevention v7.0
ClientControl700.Zip, 148 KB, Oct 19 2007, ClientControl utility for McAfee Host IPS v7.0.0 (Patch 2 and earlier), English, Windows
ClientControl700P3.Zip, 135 KB, Nov 12 2008, ClientControl utility for McAfee Host IPS v7.0.0 (Patch 3 and greater), English, Win
It is on the product download site under the HIP 7.0 link. You will need a valid grant# for Host Intrusion Prevention to access it.
Otherwise, open a support case and ask for the utility.
Unfortunately, the morons in charge of the ePO server also have the grant # and will not part with it. I guess I'll have to see what other avenues I have. Thanks