kenobe
Level 10
Message 1 of 4

Too Many HIPS IPS Rules Instances?

Hi all,

We had an ePO that would lock up two to three times per week.  Editing IPS exceptions was also a chore.

Finally, our admin built a new ePO from scratch and all was going well. Today we began reapplying all our different IPS rulesets.  In some branches, there were up to 4 IPS rules instances after this.  Shortly after, our new ePO locked up so hard we had to roll back to a snapshot from 2 days ago.

Is it possible having too many IPS ruleset instances can cause an ePO to lock up?

Thanks

Ken

3 Replies
c14us
Level 7
Message 2 of 4

Re: Too Many HIPS IPS Rules Instances?

Well, that's probably not the root cause.

I would start by looking for rules that flood the ePO with events. From the scenario described, it could be just about anything.

Claus

kenobe
Level 10
Message 3 of 4

Re: Too Many HIPS IPS Rules Instances?

We found the lockups were unrelated.  Our lockups were an Automatic Response to DLP events, notifying us by e-mail when an attempt occurred.  Turned out, the filters in place for that event were doing some of the same filtering over and over again, locking up the server.

We're sticking with 3 rulesets or less for IPS rule assignment instances anyway.  IPS exception and rule edits aren't taking very long.

Re: Too Many HIPS IPS Rules Instances?

Yes, please see
