cancel
Showing results for 
Search instead for 
Did you mean: 
Bill_the_Cat
Level 7

Remote disable HIPS via script

>

Good day all. I am looking for a way to remotely present the HIPS GUI with the unlock password and temporarily disable both Host and Network IPS.

We have several McAfee agents that are the correct versions for our installation (4.5.0.1270), but are being read as rogues because we forgot to clear the GUID out of the registry when we made the ghost image. We need to delete the agent registry key so that when the agent enforces policies, it generates a new guid. Unfortunately, HIPS is hiding the key, and it isn't managed, so we can't turn it off remotely. We can remote desktop into the box, disable HIPS through the GUI, and then delete the key and enforce the policies, which works great. However, we have about 140 boxes, and one at a time is too time consuming. We can script the key deletion and the McAfee agent policy enforcement part, but we haven't been able to figure out how to get the HIPS part scripted. Any help would be appreciated!

  
McAfee Agent 
Version number: 4.5.0.1270
Managed 
   
   
Host Intrusion Prevention 7.0.0 
Version number: 7.0.0.1070

0 Kudos
7 Replies
Mal09
Level 12

Re: Remote disable HIPS via script

Does this help?

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22145/en_US/...

Message was edited by: Mal09 on 06/04/10 15:56:41 GMT
0 Kudos
Bill_the_Cat
Level 7

Re: Remote disable HIPS via script

Would love to try it. But I can't find it to download it. Any ideas?

0 Kudos
HupSkiDup
Level 11

Re: Remote disable HIPS via script

Are you sure its HIPS you need to disable?  Or do you need to go to virusscan console and uncheck the 2 boxes inside access protection?  That is what I would think is stopping a remote registry deletion.

The client control utility should be on the download site if you need it.

0 Kudos
Bill_the_Cat
Level 7

Re: Remote disable HIPS via script

Yes. it is HIPS. As I posted in my OP, when I disable both host and network IPS, I can do what I need to do.

Also, I've looked over the download site (although i can't log in as our enterprise account due to their slackness) and it isn't where I can find it.

0 Kudos
Mal09
Level 12

Re: Remote disable HIPS via script

I can download it from:

https://secure.nai.com/apps/downloads/my_products/login.asp

Under:

McAfee Total Protection for Endpoint

Endpoint Security

Host Intrusion Prevention v7.0

ClientControl700.Zip     148KB     Oct 19 2007     ClientControl utility for McAfee Host IPS v7.0.0 (Patch 2 and earlier)     English     Windows

ClientControl700P3.Zip     135 KB     Nov 12 2008     ClientControl utility for McAfee Host IPS v7.0.0 (Patch 3 and greater)     English     Win
0 Kudos
bgable
Level 11

Re: Remote disable HIPS via script

It is on the product download site under the HIP 7.0 link.  You will need a valid grant# for Host Intrusion Prevention to access it.

Otherwise, open a support case and ask for the utility.

0 Kudos
Bill_the_Cat
Level 7

Re: Remote disable HIPS via script

Unfortunately, the morons in charge of the ePO server also have the grant # and will not part with it. I guess I'll have to see what other avenues I have. Thanks

0 Kudos