3 Replies Latest reply on Apr 8, 2010 8:34 AM by bgable

    Firewall Adaptive Mode

      Is there a difference between HIPS on a server versus on a workstation, i.e. 2003 vs XP? I know it is the same software, but does it perform differently? I was told by someone that Adaptive mode on a server requires a reboot whereas it does not on a workstation. I have an issue in that I've installed HIP 7.0 P7 on a Windows 2003r2 x64 and all policies are set to adaptive. What is happening is that the HIPS Firewall is blocking all SQL (TCP-1433) at installation. Once I rebooted the server, the SQL service got added dynamically to the ruleset and is allowed. Why did it block originally? This is not good, especially if it requires me to reboot the server.

       

      Any thoughts or suggestions?

       

      G.

        • 1. Re: Firewall Adaptive Mode

          mcGee,

           

           

          Yes there is a difference.

           

          There are 2 versions.

          1) HIPS for Servers 2) HIPS for Desktops.

          Server version is known as: HIS > Host Intrusion for Servers.

          Desktop version is known as: HID > Host Intrusion for Desktops.

           

          The functionalities also differ. You might want to take a look at the product guides to get more info about the same. HID is included with the Total Protection for Endpoint versions of McAfee. The Server version has to be bought separately.

           

          Sameer

           

           

          Message was edited by: sameer172006 on 3/25/10 1:58:19 PM CDT
          • 2. Re: Firewall Adaptive Mode

            Yes Sameer, from a product point of view they are 2 separate solutions, but in actuality it is the same software. They share the same product/installation guide as well and, unfortunately, there is no mention of the differences when running on a workstation vs server.

            • 3. Re: Firewall Adaptive Mode

              If the traffic was inbound, then adaptive mode would not learn the traffic.

              You should add the appropriate rule to your applied fw policy.