I wasn't sure what the HIPS action was since it said "A false positive event has been triggered." but you're correct if it's a high alert that would need investigating and possible allowances.
Has anyone tried to deploy the hotfix using SCCM? We're trying to roll it out using SCCM and are having some difficulties getting it to work.
You might need to pass the /F to the installer to get it to actually install.
Here is what I am seeing at my locations.
1. Just because a machine is showing the Engine as version 0.0 in an EPO Orchestrator query doesn't mean that that system is messed up. Machines that have not fully reported since having Mcafee installed will do this. I also have an XP machine that is showing up as 0.0 on the query, but it shows up correctly on the machine itself and it passes the EICAR test.
2. I haven't had any reports of any machines having trouble accessing the web.
3. Tested all our servers and none of them failed the EICAR test.
4. Spot tested a few user machines and did not find any that failed the EICAR test.
What version of EPO Orchestrator, Agent, etc. are running on machines that messed up?
We have the latest everything except for the Agent 4.6 "Reporting and Policy Extension (Patch 2)" which was just released.Message was edited by: cyclone3d on 8/21/12 2:24:26 PM CDT
Will client computers which have updated to DAT 6811 install this hotfix automatically through EPO? We use the McAfee repository as backup repository for systems updates in case they are outside of the private network at update time.
Clients picking up 6811 - any news anywhere - do we still need to HotFix?? If I have to hotfix it is out of band and I will need an emergency change for the non affected 8.8 clients to receive it - an ec was approved today for those with 0.0000 engine to receive the hotfix. If it is a DAT I can approve without change.
I don't believe there is. The OAS shows enabled even though it really isn't working. The best way to confirm is to try an eicar test file on the system. If it doesn't pick it up then you know it's not working.