cancel
Showing results for 
Search instead for 
Did you mean: 
pdc_irl
Level 7

XP SP3 on HIPS enabled host

Just wondering has anyone looked into deploying SP3 with HIPS enabled host?

I just ran the <windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe> version of SP3 on an SP2 XP system, and there was a number of alerts appeared, one specifially down to an update to the windows 'screen saver logon.scr'. HIPS popped up an alert with a warning. Other actions blocked were related to the access protection rules of Vscan 8.5i, where changes were being made to the registy.

My concern would be if we were to release SP3 (when it gets official release via WSUS) will I be facing a large number of systems with alerts apearing.

any thoughts / experience would be appreciated
0 Kudos
9 Replies
Raja
Level 9

RE: XP SP3 on HIPS enabled host

HIP is not currently supported on XP SP3. HIP 7.0 Patch 2 (June) will support it.
0 Kudos

RE: XP SP3 on HIPS enabled host

Smiley Happy

Hi Everyone,

I'm looking for information regarding rolling out SP3 via WSUS onto workstations with HIPS installed.

I know, from tests that HIPS kills the update.

Are there any rules whic I can add to HIPS to allow the SP to be installed?

Raja: when in June?


Cheers

steve

happy
0 Kudos
chuck92103
Level 7

RE: XP SP3 on HIPS enabled host



There is a client utlity available for HIPS that can be packaged with SMS or other software deployment system. The utility can disable HIPS and allow the update to occur.
0 Kudos

RE: XP SP3 on HIPS enabled host



Neat, where's that then?

happy
0 Kudos
Raja
Level 9

RE: XP SP3 on HIPS enabled host

It's on the download site.
0 Kudos

RE: XP SP3 on HIPS enabled host

OK, Now we're cooking...

one small snag, what's it called?

will it allow for deplyment through WSUS?

happy
0 Kudos
snow-munki
Level 7

RE: XP SP3 on HIPS enabled host



Won't mind knowing aswell !
0 Kudos
FredFleming
Level 7

Having Same Problem



I am using Landesk for software deployment and patch management. We recently upgraded to McAfee 8.5 and EPO 4.0. After the update I started getting deployment failures and users calling about a pop-up message referring to access to the registry. I found going to the users machine and manually running the install package created the same error. To finally get the software to install I had to temporairly disable McAfee Access Protection then run the install package (manually). Problem with this method is, EPO will reset the Access Protection back to Enabled as soon as it reports back to the EPO server (every 15 minutes). You don't know if you have 15 minutes or 1 minute to install your software because you don't know when the EPO agent last checked in. Against my recommendations the Security Audit Manger had the EPO administrator set the McAfee 8.5 to Maximum Protection. The McAfee logs on the machines clearly show McAfee blocking the software install package executable. We can add exclusions to help but they would have to enter approx. 125 names to cover all of our install packages. Hoping it would not see something else to stop as the package installs...i.e. registry changes.

They are also trying to blame it on HIPS we have running. I don't know if HIPS is the problem...I think it is setting McAfee to MAX protection. If you or anyone out there have run across any fixes, suggestions or helpful utilities to disable McAfee long enough to patch the machine or install software I would appreciate hearing about it.

Also, the powers here have decided to try the LandDesk HIPS rather than McAfee thinking it would allow its (Landesk) packages to go through and not block. I hope they are correct but I still think it is McAfee Access Protection being set to high.
0 Kudos
Raja
Level 9

RE: Having Same Problem

Access protection is a function of VSE 8.5 and has nothing to do with HIP. Who is trying to blame it on HIP?
Do you have an SR#?

-R-
0 Kudos