DC-SG
Level 9
Message 1 of 5

Difference in HIPS Product and Content Version

Hello All,

I know some but not all about ePO and HIPS. I have deployed agents including HIPS to clients after the MR5 upgrade. The following questions are specifically related to the HIPS agent. During HIPS deployment, I observed something about HIPS product and HIPS content. For example, a client machine can have an older HIPS product version with a new content version while another client has the newest HIPS product with older content versions.

After researching the McAfee Knowledge Base, I found some but not all answers to my questions. I would appreciate it if you could help me understand HIPS better. Below are a few specific questions.

Question 1:  What is HIPS product version and HIPS content?

Using Windows terminology, can HIPS Patch # (ex P7) be considered as SP# and HIPS contents as Hot Fix or MS#?

Question 2: To upgrade HIPS 7.0.0.953 p3 to 7.0.0.1102 p7, is it required to upgrade HIPS sequentially?

This means that HIPS must be upgraded from P3 to P4, then P5, P6 and finally to P7.

Question 3: When using ePO Client Task to upgrade HIPS, should the Patches and Service Packs be done before Signature and Engine Content?

Please refer to the attachment for more details. Thank you very much in advance.

V/R,

DC-SG

Accepted Solutions
carlob
Level 9
Message 3 of 5

Re: Difference in HIPS Product and Content Version

Hi,

Question 1:  What is HIPS product version and HIPS content?

Using Windows terminology, can HIPS Patch # (ex P7) be considered as SP# and HIPS contents as Hot Fix or MS#?

Answer: A Host Based Intrusion Prevention patch is a service pack; if you read the release notes, they explain the fixes. Part two is content, which is a signature set update or new signatures that are added, etc.

Question 2: To upgrade HIPS 7.0.0.953 p3 to 7.0.0.1102 p7, is it required to upgrade HIPS sequentially?

This means that HIPS must be upgraded from P3 to P4, then P5, P6 and finally to P7.

Answer: In some cases you may need to, but in others you can go direct; again, the readme shipped will direct you.

Hope this helps.

4 Replies
DC-SG
Level 9
Message 2 of 5

Re: Difference in HIPS Product and Content Version

Sorry,

It does not look like my post has the attachment. Here it is.

DC-SG
Level 9
Message 4 of 5

Re: Difference in HIPS Product and Content Version

Thanks Carlo.


So each HIPS version works differently depending on instructions.


DC-SG

carlob
Level 9
Message 5 of 5

Re: Difference in HIPS Product and Content Version

Hi DC-SG,

Not really, the components are as follows:

Host Based Intrusion Prevention - Protects applications like SQL form injections, and looks at odd behavior and stops it.

Application Control - Creates a whitelist of applications that are allowed to be executed on a machine, so you can enforce this even if the user has admin rights (cool).

Firewall - Scans traffic both in and out of the device and can perform 'quarantine' of the machine if the dat file etc. is out of date, and can do things like switch off Bluetooth etc.

On the whole, a great product.

Be careful, as this product, if deployed incorrectly, can enforce policies that can impact your network.