I have had hard time deploying or installing HIPS to clients during MR3 upgrade. Below is the sequence of my steps.
1) Disabling HIPS, Source Pull, Distributed Repository Replication, Access Protection for the ePO server
2) Checking or installing all MR3 packages to the ePO server.
3) Enabling HIPS, Source Pull, Distributed Repository Replication, Access Protection for the ePO server
4) Deploying Agent (184.108.40.2064) successfully
5) Installing HIPS 220.127.116.110 using Deploment Task.
During step 5, only few clients have the new HIPS version (18.104.22.1680) installed. During the process, there was no errors (during deploy and wakeup).
I did some comparison of settings between clients with new HIPS version and ones without new HIPS version. Please refer to the attachment for details.
I have 2 questions:
Q1: what is the best method to deploy or install the new HIPS version (here 22.214.171.1240)
Q2: The instruction mentioned HIP SlipStream Client Patch 6 (current branch) and HIP Update Client Patch 6 (Evaluation branch). Does this means that SlipStream Client must be installed/deployed first before Update Client?
Thankyou for your help in advance,
Hello Joshua Ahn
While searching the clue and solution to my problem "HIP 126.96.36.1990 (MR3) deployment failure", I ran into your note for anther issue.
Your note is included here for easy reading:
Host IPS Client 7.0.0 Patch 5 updates only Host IPS Client 7.0.0. It does not update an earlier version.
Patch 5 is language independent and updates English and non-English systems. Host IPS 7.0.0 Patch 5
does not require a restart but may cause a brief interruption in network traffic.
To install using ePolicy Orchestrator, add the package to the ePolicy Orchestrator repository. The package
will show version ‘Win-5’. Deploy using an ePolicy Orchestrator agent Update task.
To install locally, run the patch installation application on the target system. To do this:
1. Disable Host IPS protection with an ePolicy Orchestrator delivered policy or in the local client UI.
2. Run McAfeeHIP_ClientPatch5.exe.
3. Enable Host IPS protection.
A bit of history:
1) Originally, my ePO had HIP 188.8.131.523 (before MR1). I had to upgrade my ePO server to MR1, MR2, MR3 and eventually MR4 for the inspection. During MR1, I deployed HIP to many of my managed machines or clients. I had a hard time at that time. I learned that If it was that difficult to deploy HIP why not upgrade ePO server to at least MR3 (there is a reason for not going all the way to MR4, at least in my opinion which could be wrong) and deploy HIP agent. In the process, I tested HIP deployment from time to time. Because of that "testing", few of my clients have HIP from 184.108.40.2061 and 220.127.116.113. But the majority had 18.104.22.1686 during MR1.
2) For the past 2 days, I was able to deploy HIP 22.214.171.1240 to 9 clients. (Deploy means using Product Deployment task). Up to now, I have always used Deployment task. But your statment (which was quoted from McAfee KB...) may solve my problem. However before messing up more, I would like to ask you a question.
Q1: In updating (using Product update task) HIP 7.x to 126.96.36.1990, will I choose "Selected Packages" to include Engine, DAT and then Patches/Service Packs to include HIPS 7.0.0? If not what options should I choose?
Note: I did checked in the package and it was indeed "WIN-5".
Thanks in advance.