7 Replies Latest reply on Apr 6, 2010 2:17 PM by Bill_the_Cat

    Remote disable HIPS via script

      >

      Good day all. I am looking for a way to remotely present the HIPS GUI with the unlock password and temporarily disable both Host and Network IPS.

       

      We have several McAfee agents that are the correct versions for our installation (4.5.0.1270), but are being read as rogues because we forgot to clear the GUID out of the registry when we made the ghost image. We need to delete the agent registry key so that when the agent enforces policies, it generates a new guid. Unfortunately, HIPS is hiding the key, and it isn't managed, so we can't turn it off remotely. We can remote desktop into the box, disable HIPS through the GUI, and then delete the key and enforce the policies, which works great. However, we have about 140 boxes, and one at a time is too time consuming. We can script the key deletion and the McAfee agent policy enforcement part, but we haven't been able to figure out how to get the HIPS part scripted. Any help would be appreciated!

       

        
      McAfee Agent 
      Version number: 4.5.0.1270
      Managed 
         
         
      Host Intrusion Prevention 7.0.0 
      Version number: 7.0.0.1070