We are in the process of deploying HIPS 7.0. Unfortunately, by default, the firewall portion of HIPS is logging all BLOCKED traffic on every client machine.
I'd like to turn this off as it is not necessary to be running all of the time. I do not see any policies specific to this in ePO. Using regshot (before and after comparison of the registry) after unchecking the 'log all blocked traffic' option, it appears that the FireNetPrefs.txt file is being altered. I suspect this is where the setting is stored... however, this file is not human-readable at all (despite the .txt extension).
Has anyone had a similar quandary? If so, how did you solve it? (P.S. Manually turning this off on each machine is not an acceptable solution for 4000+ workstations.)
Yes I understand - but to some people it looks like "just another app that is needlessly logging and causing disk reads, memory, etc...read: slowness" and we've recently been on a big kick to eliminate that sort of thing.
With that being said, it would've been nice to at least turn it off easily. McAfee has a bad enough reputation as it is ... heh.