Moved to our HIPS area for better attention.
There was an old issue that was fixed back in Patch 2, but nothing recent. I would test disabling each HIPS module to isolate where the problem is and see if it can be corrected with a configuration change (any IPS signature violations? Any blocked network traffic from the Firewall? Any blocked applications in Application Blocking?).
Unfortunately, looking for signature matches was the first thing. No matches, no activity log notices and nothing reported to ePO in IPS events reporting. Application Blocking and Firewall are off. This is one of those things where there is absolutely nothing in the log except (I think the firesvc.log --- I'm home right now so can't check) you see the last HIPS entry and nothing more after Veritas runs.
HIPS install on the VERITAS Server (where the Veritas policies are) actually breaks Veritas there so Veritas services don't start. But that is another problem altogether.
We see the issue with the netbackup of Veritas only on specific file servers and DCs out of about 60 servers total. The issue described beginning with patch 2 --- sounds like the problem (I had researched that the other day) but we are at patch 7 and didn't experience it until patch 6. I wonder if it was a complete fix???
None currently that I know of...
1) Exclude the Veritas process(es) from Host IPS Application Protection list.
2) Otherwise, disable Host IPS svc and reboot, see if that works.
If not, call into support and ask to edit the Kevlar Hook List file for further troubleshooting.