Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 10
Report Inappropriate Content
Message 1 of 11

HIPS 7 on Windows 7 Policy Application Issue

Anybody else seeing issues with policy application for HIPS 7 on Windows 7?
I've applied patch 6 and still see the issue of my policies not being applied....default password still in use etc. I've opened a call with McAfee and am unsure if this is widespread. We're using ePO 4.5 btw...

10 Replies

RE: HIPS 7 on Windows 7 Policy Application Issue

Do you have the correct extension loaded in ePO as per this KB ?

We're on ePO 4P5 and MA4P3 and it works fine though ...

"Host IPS 7.0.4 extension for ePolicy Orchestrator is required for correct policy management of clients running Microsoft Windows 7. The extension also corrects reports and dashboard views from ePO 4.0 for Host IPS clients running 7.0 Patch 5 or later."
Level 10
Report Inappropriate Content
Message 3 of 11

RE: HIPS 7 on Windows 7 Policy Application Issue

yeah we have that extension installed and it has not worked with patch 4, 5 or 6 - This is on an ePO 4.5 server however

RE: HIPS 7 on Windows 7 Policy Application Issue

Weird ... unfortunately I'm not running ePO 4.5 so this might be the problem. What MA do you use? 4 or 4.5? Did you try to create a new client update tasks from scratch ... as I had to re-create them in order to have it working on Win 7.
Level 10
Report Inappropriate Content
Message 5 of 11

RE: HIPS 7 on Windows 7 Policy Application Issue

We've tested agent 4p2, 4p3 and 4.5. Tasks are not the issue - policies are. I have recreated those and it hasn't made a difference. The bad thing is that the agent gives no indication that it isn't applying the polciy - from the log everything appears to be working. The way we discovered it was when trying to unlock the HIPS console because it does not use the password we have set in the policy and instead keeps the default. After that we tested different policies and noticed that it was staying with the defaults no matter what policy we set.


RE: HIPS 7 on Windows 7 Policy Application Issue

hmm...running epo 4.5/ma 4.5 here with hips7 p6 and not experiencing your issue on win7 x64.
Are your policies set to enforce? Have you done a wakeup call with both options/force policy update checked?
Level 7
Report Inappropriate Content
Message 7 of 11

Policy enforcment issues

Hi all.

I dont know If I'm posting to the correct thread here, but lets give it a go.

We have just rolled out the ePO 4,5 and the 4,5 agents on our networks.

I have also imported the hotfix 2 for VSE 8.7 so everything should be normalized and all patches quite ready.

I have seen the following issues for win_7 64-bit and Vista 64-bit, no- package received when checking new policies on these agents. And the policies have changed indeed.

I'm in need of changing the policies because we create our own SMPT programs which sends quite a bit of mail, and we discovered that the HIPS prevented this (Classic Worm Spread scenario). I changed the policy to allow mass emailing for users who required this option, but only XP-32 bit machines gets the new policy and updates accordingly.

This means that we have quite a few Vista 64-bit and Win-7 machines that have not updated their policies.

The hot fix link mentioned earlier in this thread appears to be broken from where I'm standing.

Any ideas on how I should proceed with this issue?

S.O and SSE
Level 10
Report Inappropriate Content
Message 8 of 11

RE: Policy enforcment issues

What patch for HIPS? What HIPS extension do you have checked in?

Level 7
Report Inappropriate Content
Message 9 of 11

RE: Policy enforcment issues

Actually it's based on the Host Intrusion Prevention content, which was integrated in the ePO 4,5.

And I may have said smth untrue, if HIPS is a standalone product. We're currently using the VSE 8.7 build 570 with hotfix 2.

The Engine is 5301.4018

But the policies being updated go for more than the access and firewall control. It seems I am completely unable to roll out new policies for win-7 and vista 64-bit once the agent 4,5 has conducted it's first and initial GUID sequence with the server.

Rolling out tasks and updates and product deployment seems to work fine.

Re: RE: Policy enforcment issues

I am encountering the same issue, after the initial policy pull, it no longer receives policy.

Did you find a solution?

My System Information --

  McAfee Agent Version number: 

  McAfee AntiSpyware Enterprise Module Version number:

  VirusScan Enterprise + AntiSpyware Enterprise Version number: 8.7i ( Build date: 9/1/2009

  Scan engine version (32-bit): 5400.1158

  DAT version: 5837.0000

  DAT Created on: 2009/12/19


You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community