cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Anyone is using NSP 9.2?

After some time on NSM 9.2.7.9, I found the one more issue.

After upgrade from 8.3 there is no UDS signatures displayed in the Custom Attacks view. The signatures are included in IPS policies and are matched OK but when I open Custom Attacks view to display all UDS (McAfee/Snort), the list is empty. When close such view, NSM asks about discard changes.

So UDS are in the system, but the list can not display them.

Anyone also see this behavior ?

Tags (1)
Reliable Contributor kylekat
Reliable Contributor
Report Inappropriate Content
Message 12 of 18

Re: Anyone is using NSP 9.2?

After a couple weeks on 9.2, I can say, wait before upgrading... Too many unresolved issues. I have reported one confirmed BUG and 1 unconfirmed being seen by developers.

 

I regret having made the jump, should have stayed in 9.1

Reliable Contributor petermason
Reliable Contributor
Report Inappropriate Content
Message 13 of 18

Re: Anyone is using NSP 9.2?

Hi Kylekat,

What are the bugs you're seeing? Are they having a big impact on your environment?

Thanks

Peter Mason

Reliable Contributor kylekat
Reliable Contributor
Report Inappropriate Content
Message 14 of 18

Re: Anyone is using NSP 9.2?

The official BUG is my secondary NSM server randomly spiking to 100% CPU utilization by process Java.exe and remaining there until the NSM services are manually stopped. This is not affecting my primary, so all that is lost in the redundancy/High Availability.

The Not-yet-considered-bug is my primary NSM server's dashboards showing either blank or outfated inforamtion. It is believed to be a problem with the Solr database. Still being investigated by Support.

Luckily, none of these prevent the IPS sensors from doing their jobs, so security is not impaired in my environment.

Reliable Contributor kylekat
Reliable Contributor
Report Inappropriate Content
Message 15 of 18

Re: Anyone is using NSP 9.2?

Just to wrap this up, Mcafee Support is strongly recommending customers to stay on Main Release 9.1 unless strictly necessary for one of the new features released on 9.2

Both my issues are official bugs now.

I wish I had known earlier about this recommendation, but since I so not want to downgrade all my infrastructure all over again, im going to have to hang on to it.

dotax
Level 9
Report Inappropriate Content
Message 16 of 18

Re: Anyone is using NSP 9.2?

Hi Kylekat, 

It seems that 9.2 has outbound SSL decryption features, did you happended to evaluate this feature?

Reliable Contributor kylekat
Reliable Contributor
Report Inappropriate Content
Message 17 of 18

Re: Anyone is using NSP 9.2?

I have not.

Highlighted

Re: Anyone is using NSP 9.2?

A memory high false alert is coming by 9.2 version

Support suggest to down grade to main release 9.1

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.