After thinking I was nearly ready to rollout hips I came across a very irritating problem.
I've applied the Typical Corporate Environment policy to the HIPS firewall. After doing this I tested the client, all seemed well at first, but then I realised I wasn't able to access network drive mappings, I get a mixture of the following errors dependant on which drive I try to access:
I either get a login box saying the username or password is incorrect.
Or I get the following:
When looking into the Event Viewer there also appears to be corresponding event created in System Logs
This only seems to affect XP machines so far, Window 7 seems to be ok.
Also worth mentioning is when HIPS installs on XP it gets a few of these Stop Installation messages, even though McAfee say they have passed - https://kc.mcafee.com/corporate/index?page=content&id=KB71271&cat=CORP_HOST_INTRUSION_PREVENTION_8_0...
The XP machines are fresh builds from CD and haven't been imaged, also Microsoft Updates have been applied.
Anyone had any of these issues or know how to fix, I'm really beginning to think HIPS isn't fit for purpose as it causes more issues than it solves for me.
Hope someone can help.
Thanks in advance.
Message was edited by: harris_s on 19/05/11 16:33:00 ISTMessage was edited by: harris_s on 19/05/11 16:46:28 IST
For your drive mapping issue, does disabling the Firewall resolve the issue? If so, then it's probably an issue with blocked network traffic. You'll need to find what traffic is being blocked and write rules for it. Using Adaptive mode might help, but it has limitations. You may find System traffic (non-application based) being blocked that you'll need to manually create rules for.
For the Windows Logo testing issue, have you applied the Microsoft solutions? As per the KB you stated, KB71271, this has been found to be an issue with the Windows XP software catalog system.