cancel
Showing results for 
Search instead for 
Did you mean: 
damiafaw
Level 10
Report Inappropriate Content
Message 1 of 42

VSE Patch 7 and HIPS Patch 7 out

Anyone installed and have any issues yet (I know, its early, but there might be problems straight away)

I am about to test/install in evaluation.

41 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

Moved provisionally to VSE for faster response.

---

Peter

Moderator

damiafaw
Level 10
Report Inappropriate Content
Message 3 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

So far - I get the reboot mcafee request every time I reboot the machine (HIPS would be the culprit like it was in previous patches)

I did an update from Patch 6.

I appear to now have lost my mcafee tray icon on the second or third reboot, normal methods of having it return do not appear to work.

Services are running and exe files are listed from what I can see.

Reboot brought it back again

Going to remove HIPS and reinstall from main package and see if issue occurs regarding rebooting.

damiafaw
Level 10
Report Inappropriate Content
Message 4 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

FYI - make sure you download the management extensions and install them from software centre - they dont show like the VSE ones, just listed as Download only.

damiafaw
Level 10
Report Inappropriate Content
Message 5 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

Removed VSE and HIPS as not able to run the install task for HIPS Patch 7 properly.

Restarted and tray icon gone on reboot....yet services running and I can wake the agent up.

Running agent 5.0.2.188

damiafaw
Level 10
Report Inappropriate Content
Message 6 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

Two machines tested and both machines constant reboot request after resetting laptops - if I say later, it doesnt come back til a reset,

Both had 5.0.2.188 agents and Patch 6 for VSE and HIPS.

This happens with HIPS previously too, but rarely....this is 2 out of 2 so far.

Dont really want to keep testing machines

I do see the following issues after update though in the threat event logs in EPO;

McAfee Host Intrusion Prevention successfully read policy from registry


And

Detecting Product Name:VirusScan Enterprise

Threat Source Process Name:C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\HELPER32.EXE
Threat Target File Path:HKLM\SOFTWARE\WOW6432NODE\MCAFEE\MCTRAY\PLUGINS\HIPSPLUGIN\

Threat Name:Common Standard ProtectionSmiley Tonguerevent modification of McAfee Common Management Agent files and settings
Event Description:Access Protection rule violation detected and blocked


This is in the logs itself;

policybag.Warning: returning default policy for section=AGENT\CONFIGURATION , key=AgentVersion , value=5.0.0

2016-02-26 19:34:17.261 masvc(1020.1228) event.Info: Publishing event filter, as clients don't have latest event filter version.

damiafaw
Level 10
Report Inappropriate Content
Message 7 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

Once I remove HIPS and try to reinstall...I can no longer push a task to the agent manually it seems

Re: VSE Patch 7 and HIPS Patch 7 out

Hi

The Release notes refer to some product compatibility issues and reference KB79397

If you remove VSE and HIPS and use the Full Package to redeploy to the clients, do you experience the same issues.

We don't use HIPS yet and are planning some testing for VSE 8.8P7 for next week.

Regards

Rich

Certified McAfee Product Specialist - ePO

McAfee Volunteer Moderator

damiafaw
Level 10
Report Inappropriate Content
Message 9 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

Nearly 98% of our installs, will be updates if we roll out Patch 7, most machines (workstations) are on Patch 6 currently - therefore I'm not looking at removal and reinstalls due to the size of the business, etc.

VSE seems to install fine so far, from what I can tell - HIPS seems to cause me the issues currently.

Removing HIPS and letting it reinstall from Patch 6 to automatically update to Patch 7 let it install properly without the restart box showing up on every reboot.

However still unable to push manual tasks it seems.

Also, seems that Windows 8.1 thinks VSE isnt turned on...yet the Security Status says everything is ok from the mcafee tray icon.

Anyone else experiencing weird stuff with these new updates?

wwarren
Level 15
Report Inappropriate Content
Message 10 of 42

Re: VSE Patch 7 and HIPS Patch 7 out

I am hearing of (and seen for myself) an issue associated with the Access Protection rule:   Prevent Windows Process spoofing.

The team is erecting KB86694 for this.


This rule is not enabled by default, but it seems quite a few folks have enabled it and started seeing this after upgrading.

And you could see it after upgrading to HIPS P7, or MA 5.0.2.333 also, if VSE is installed and that AP rule is enabled.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee