i am currently getting ready to deploy HIPS to around 2000 laptops. To date we have been testing HIPS with patch 3, and have not experienced any issues.
My question is, if we are not having any issues with patch 3, is it worth deploying patch 4, taking into consideration some known issues with patch 4 that are noted in the readme RE: blocking local host traffic.
A reason i would like to upgrade to a later patch level is to fix the yellow warning that appears on the M in the tray on start up despite there being nothing wrong, but that is an issue i guess they may fix another day
About the "yellow warning", are you using ViruScan (Enterprise) ? If yes, you won't "fix" anything because nothing's broken. The yellow warning is usually an indication that VSE wrote something in the OAS logs. Reading the logs removes the sign. You may want to check what you're logging.
About HIPS Patch 4, test beforehand. We've been having loads of issues since installing patch 4.
as I mentionned in another post (HIPS blocking localhost !?) patch 4 modifies the behaviour of HIPS w.r.t. localhost. This means many Windows services, IPC, Oracle DB and more don't work until you add specific rules enabling localhost.
we're still experiencing huge problems with systems not being able to connect to Windows domain controller at boot-time but only after ~2 minutes. This leads to GPO not being applied and more issues. This is being investigated with McAfee at this moment