This is actually a 2 part question.
First, a user is claiming HBSS is preventing them from installing MS-SQL Service Pack 3 on a database server. I think it's possible that application protection might be preventing changes from being made. How could you stop application protection from blocking installation of SP3 (if that is in fact what is causing the problem) without disabling it for every other server?
Second, another issue a user is having is that HBSS is preventing a Tomcat webserver from starting. One unusual symptom is that just before Tomcat attempts to start up, there are failed log entries for McAfee AV attempting to scan within some java *.jar files. I couldn't see how there would be a connection between Tomcat not starting and failed AV scans, but user states this pattern occurs each time without exception.
Thanks in advance,
For the upgrade Did you try to disable the HIPS agent by clicking the Mcafee icon then configure then un check the options
The tomcat problem is it related to MSSQL upgrade or install or when that happened ? more descriptions should be helpful
You should look at the HIPS events or any related logs and post them here to help people get a clear picture of whats going on
Message was edited by: allamiro on 12/28/10 11:53:45 AM CST
Message was edited by: allamiro on 12/28/10 11:54:43 AM CST
Message was edited by: allamiro on 12/28/10 11:55:15 AM CSTMessage was edited by: allamiro on 12/28/10 11:56:43 AM CST
Yo, not everyone understands what HBSS is.. just a hint. Be more specific to your issue.
Part 1. Just as the other person responded, you may notice that some documentation says to disable HIPS IPS when performing server maintenance... If someone is claiming that HIPS is causing something unwanted, ask them to provide you the HIPS logs. You can identify what's causing the issue.
Part 2. Same issue, if you think VSE is an issue, grab the logs, if you think it's HIPS, grab the logs. But for your sake, if a system service isn't starting up, check out the event viewer first. It may indicate why the service didn't start.
Host Based Security Systems utilized by DoD - just endpoint protection suite of McAfee products for their systems.
YOu dont have to disable it for every server you can just duplicate the policy which will be configured to be disabled and re assigned that policy at the group level or system level for your data base server(s)