cancel
Showing results for 
Search instead for 
Did you mean: 
snowman5840
Level 7

Rollout HIPS 7 with Epo 3.6.1

Hi guys

How can I check in the HIPS packets to my repository? I want to push the HIPS installtion with the Epo Agent. The upgrade from DFW 8.5 to HIPS 7 works, but i don't know how to install or upgrade my DFW 8.5 Clients witch Epo.

I'll hope somebody can help me.


Regards
0 Kudos
5 Replies
Grafis
Level 7

RE: Rollout HIPS 7 with Epo 3.6.1


  1. Install the HIPS 7 Server component first.
  2. Add HIPS 7 to your master repository.
  3. Confirm HIPS is NOT part of an existing deployment task
  4. Configure your policies
  5. Test by deploying to a few machines via local deployment task (disable inheritance on an individual node or group, then add HIPS as an Install item on the local deployment task)
  6. If successfull... Add to your Global Deployment task
Monster Monster MONSTER Caveat of death in my case
McAfee Document ID: 612704
- If you Run the Cisco VPN client make 100% sure you have not installed The Firewall component, if you have remove it first (oh the joy). Doesn't matter if it's On or not you must remove the DLLs and registry entries. This KB states it's an issue it's running, in our case it was an issue just being installed and teir 3 had us follow these steps (after BSD'ing multiple machines in the field)

McAfee and VPN do NOT play nice (we've had FW issues in the past that McAfee released SP's for)

McAfee Document ID: 614281
The following Virtual Private Network (VPN) clients have been tested and are currently supported with McAfee Host IPS 7.0:

  • Cisco VPN3000 4.8.00
  • Nortel Contivity VPN Client 6.01
  • CheckPoint VPN Client R56_548000619
  • CheckPoint VPN Client R60 HFA2
  • F5 Firepass 1200 6.0.1 (6010,2007,223,319)
0 Kudos
Grafis
Level 7

RE: Rollout HIPS 7 with Epo 3.6.1

Monster caveat of death 2.0

Ensure all clients are running CMA 3.6.0.574 (3.6 patch 3) before rolling out HIPS.

+++ mcAfee bullentin +++
McAfee Common Management Agent (CMA) 3.6 Patch 3 is available for download to licensed customers from McAfee ServicePortal:
https://mysupport.mcafee.com/eservice_enu/default.htm
It is highly recommended to install this patch to remediate of the below critical issue:
ISSUE:
The Common Management Agent corrupted the
server.xml and/or compiled.xml files when it
compiled policies.
RESOLUTION:
The Common Management Agent now locks the
server.xml and compiled.xml files as a single
unit. This greatly decreases the likelihood of
the policy compilation process corrupting these
files.
0 Kudos
snowman5840
Level 7

RE: Rollout HIPS 7 with Epo 3.6.1

ok and how can I add HIPS 7 to my master repository? I don't find any *.nap or *.z file to check in
0 Kudos
Raja
Level 9

RE: Rollout HIPS 7 with Epo 3.6.1

The agent is a seperate download and not included with the server component.
0 Kudos
metalhead
Level 12

RE: Rollout HIPS 7 with Epo 3.6.1

The NAP is automatically added via installing the "server component" of HIPS. Remember that there is already the 7.0.1 version of the server component available for eP 3.6.1.
0 Kudos