1 2 Previous Next 10 Replies Latest reply on Dec 22, 2009 1:33 PM by andymease

    HIPS 7 on Windows 7 Policy Application Issue

      Anybody else seeing issues with policy application for HIPS 7 on Windows 7?
      I've applied patch 6 and still see the issue of my policies not being applied....default password still in use etc. I've opened a call with McAfee and am unsure if this is widespread. We're using ePO 4.5 btw...

      Andrew
        • 1. RE: HIPS 7 on Windows 7 Policy Application Issue
          Do you have the correct extension loaded in ePO as per this KB https://kc.mcafee.com/corporate/index?page=content&id=KB65997 ?

          We're on ePO 4P5 and MA4P3 and it works fine though ...

          "Host IPS 7.0.4 extension for ePolicy Orchestrator is required for correct policy management of clients running Microsoft Windows 7. The extension also corrects reports and dashboard views from ePO 4.0 for Host IPS clients running 7.0 Patch 5 or later."
          • 2. RE: HIPS 7 on Windows 7 Policy Application Issue
            yeah we have that extension installed and it has not worked with patch 4, 5 or 6 - This is on an ePO 4.5 server however
            • 3. RE: HIPS 7 on Windows 7 Policy Application Issue
              Weird ... unfortunately I'm not running ePO 4.5 so this might be the problem. What MA do you use? 4 or 4.5? Did you try to create a new client update tasks from scratch ... as I had to re-create them in order to have it working on Win 7.
              • 4. RE: HIPS 7 on Windows 7 Policy Application Issue
                We've tested agent 4p2, 4p3 and 4.5. Tasks are not the issue - policies are. I have recreated those and it hasn't made a difference. The bad thing is that the agent gives no indication that it isn't applying the polciy - from the log everything appears to be working. The way we discovered it was when trying to unlock the HIPS console because it does not use the password we have set in the policy and instead keeps the default. After that we tested different policies and noticed that it was staying with the defaults no matter what policy we set.

                Andrew
                • 5. RE: HIPS 7 on Windows 7 Policy Application Issue
                  JeffGerard
                  hmm...running epo 4.5/ma 4.5 here with hips7 p6 and not experiencing your issue on win7 x64.
                  Are your policies set to enforce? Have you done a wakeup call with both options/force policy update checked?
                  • 6. Policy enforcment issues
                    Hi all.

                    I dont know If I'm posting to the correct thread here, but lets give it a go.


                    We have just rolled out the ePO 4,5 and the 4,5 agents on our networks.

                    I have also imported the hotfix 2 for VSE 8.7 so everything should be normalized and all patches quite ready.

                    I have seen the following issues for win_7 64-bit and Vista 64-bit, no- package received when checking new policies on these agents. And the policies have changed indeed.

                    I'm in need of changing the policies because we create our own SMPT programs which sends quite a bit of mail, and we discovered that the HIPS prevented this (Classic Worm Spread scenario). I changed the policy to allow mass emailing for users who required this option, but only XP-32 bit machines gets the new policy and updates accordingly.

                    This means that we have quite a few Vista 64-bit and Win-7 machines that have not updated their policies.

                    The hot fix link mentioned earlier in this thread appears to be broken from where I'm standing.

                    Any ideas on how I should proceed with this issue?


                    Mjm
                    S.O and SSE
                    • 7. RE: Policy enforcment issues
                      What patch for HIPS? What HIPS extension do you have checked in?

                      Andrew
                      • 8. RE: Policy enforcment issues
                        Actually it's based on the Host Intrusion Prevention content, which was integrated in the ePO 4,5.

                        And I may have said smth untrue, if HIPS is a standalone product. We're currently using the VSE 8.7 build 570 with hotfix 2.


                        The Engine is 5301.4018


                        But the policies being updated go for more than the access and firewall control. It seems I am completely unable to roll out new policies for win-7 and vista 64-bit once the agent 4,5 has conducted it's first and initial GUID sequence with the server.

                        Rolling out tasks and updates and product deployment seems to work fine.
                        • 9. Re: RE: Policy enforcment issues

                          I am encountering the same issue, after the initial policy pull, it no longer receives policy.

                           

                          Did you find a solution?

                           

                           

                           

                          My System Information --

                            McAfee Agent Version number: 4.5.0.1270 

                            McAfee AntiSpyware Enterprise Module Version number: 8.7.0.129

                            VirusScan Enterprise + AntiSpyware Enterprise Version number: 8.7i (8.7.0.570) Build date: 9/1/2009

                            Scan engine version (32-bit): 5400.1158

                            DAT version: 5837.0000

                            DAT Created on: 2009/12/19

                            

                          1 2 Previous Next