4 Replies Latest reply on Mar 8, 2010 3:41 PM by bgable

    HIPS 7.0 causing eventid 7000 and 7009 for different services during startup of server

      Hi guys,

       

      my HIPS is causing some services on our servers to timeout during the startup of windows 2003 giving the eventid 7000 and 7009 in the event logs. This happens intermittently. ON troubleshooting, we had uninstalled HIPS andthe error just seems to go away. Once HIPS was reinstalled, the problem comes back though not everytime. The services that were stopped spread across a range from Mcafee Task manager to Mcafee Framework service to some other HP services. Mcafee support has advised to upgrade our VSE 8.5 to patch 8 but i just dont think that this is the problem. Anyway we did the upgrade but the problem still persist.

       

      This problem only happens recently after we had install the hotfix ofHIPS 6.0.1 update the signature set and patch the HIPS to 7.0.4.105, . Are anyone facign such issues as well? I would appreciate if someone could help me with this issue as the Mcafee support is not really very helpful in this issue.

       

      Thanks.

      Luke

        • 1. Re: HIPS 7.0 causing eventid 7000 and 7009 for different services during startup of server
          bgable

          Would you say the machine takes longer to boot up?

          It's possible this could be causing the service logon failures.

           

          There is a recently released hotfix (HF533861) for HIP 7.0 that could make a difference in this.  You'll need to open a support ticket to request it though.

          You'll also need to be running HIP 7.0 patch 7 which is releasing later today.

           

          Issue: System startup or shutdown takes an exceedingly long time with Host IPS installed. (Reference: 533861, 537762, 540714)

           

          Resolution: Host IPS could cause a thread from an injected process to wait unnecessarily. The process injection mechanism has been updated to remove the possibility of this wait time.

          • 2. Re: HIPS 7.0 causing eventid 7000 and 7009 for different services during startup of server

            hi bgable,

             

            thanks for the response. This sounds promising. Will the hotfix work on patch 6 instead of patch 7? This is because my systems team is afraid that patch 7 will introduce other problems that will affect the servers. Our organisation is rather strict on pushing down patches to the production servers.

             

            I will try pushing down the hotfix.

             

            Thanks.

             

            Regards,

            Luke

            • 3. Re: HIPS 7.0 causing eventid 7000 and 7009 for different services during startup of server

              Hi bgable,

               

              called Mcafee Support to get the HF but they are only able to find theHF 54071, which the support told me that it is not related to my issue. He said he will be escalating to the 2nd level to obtain the othe 2 HF but get back to be 3 days later to tell me that they are actually the same.

               

              The support has not shown me any documentations and so i am only basing on what he says, which if it is true then the HF 54071 is addressing the issue of system hanging while in use.

               

              bgable, would you be able to point me let me know if this is true and point me in other directions that i can proceed to solve this issue?

               

              Thanks.

               

              Regards,

              Luke

              • 4. Re: HIPS 7.0 causing eventid 7000 and 7009 for different services during startup of server
                bgable

                Yes that is the same reference for HF533861.  I've updated KB68070 which should be live in a day or two...

                 

                Hotfix 533861

                Issue: System startup or shutdown takes an exceedingly long time with Host IPS installed. (Reference: 533861, 537762, 540714)

                 

                Resolution: Host IPS could cause a thread from an injected process to wait unnecessarily. The process injection mechanism has been updated to remove the possibility of this wait time.