9 Replies Latest reply on Jul 16, 2010 10:17 AM by Kary Tankink

    HIPS versions mismatch

      Has anyone else run into a situation where once a HIPS patch is applied (for example patch 7) the details on the system page still show the old patch until the system or framework service are restarted?  I've really started noticing this after checking in patch 7 because of a large discrepency between the built in HIPS query in ePO, which uses "Client Version (Host IPS)", and some queries I wrote which use "Hotfix/Patch Version (Host Intrusion Prevention)".

       

      Example:

      System Details show:

      Host Intrusion  Prevention

      Product Version 7.0.0.953
      Language English
      Hotfix/Patch Version 3.0.5
      Service Pack

       

      but click on 'More' and you'll see this info which is confirmed when looking at the actual files on the system:

       

      ProductVersion7.0.0.1102
      CodeVersion7.0.0.1102
      Hotfix7
      Patch7
      PluginVersion7.0.0.1102

       

       

      according to the readme the patch and hotfix should be the same:

      Version Reporting

       

      Host IPS 7.0.0 Patch 7 clients report Patch – 7Hotfix – 7, and Code Version – 7.0.0.1102 in the ePolicy  Orchestrator Properties tab for Host Intrusion Prevention 7.0.0.

       

       

       

      With ePolicy Orchestrator 3.6 you can use the  Product Protection Summary report to determine which clients received Patch 7.  Patch 7 clients will report product version 7.0.0.x..7.

       

       

       

      With ePolicy Orchestrator 4.0 you can write a query  and search for the Host IPS Plug-in Version. Patch 7 clients will report  product version 7.0.0.1102.