4 Replies Latest reply on Nov 4, 2010 10:49 AM by carlob

    Difference in HIPS Product and Content Version

    DC-SG

      Hello All,

       

      I know some but not all about ePO and HIPS. I have deployed agents including HIPS to clients after MR5 upgrade. The following questions are specifically related to HIPS agent. During HIPS deployment, I observed something about HIPS product and HIPS content. For example, a client machine can have an older HIPS product version with a new content version while another client has the newest HIPS product with older content versions.

       

      After researching the McAfee Knowledge Base, I found some but not all answers to my questions. I would appreciate it if you could help me understand HIPS better. Below are a few specific questions.

       

      Question 1:  What is HIPS product version and HIPS content?

      Using Windows terminology, can HIPS Patch # (ex P7) be considered as SP# and HIPS contents as Hot Fix or MS#?

       

      Question 2: To upgrade HIPS 7.0.0.953 p3 to 7.0.0.1102 p7, is it required to upgrade HIPS sequentially?

      This means that HIPS must be upgraded from P3 to P4, then P5, P6 and finally to P7.

       

      Question 3: When using ePO Client Task to upgrade HIPS, should the Patches and Service Packs be done before Signature and Engine Content?

       

      Please refer to the attachment for more details. Thank you very much in advance.

       

      V/R,

       

      DC-SG

        • 1. Re: Difference in HIPS Product and Content Version
          DC-SG

          Sorry,

           

          It does not look like my post has the attachment. Here it is.

          • 2. Re: Difference in HIPS Product and Content Version
            carlob

            Hi,

             

            Question 1:  What is HIPS product version and HIPS content?

            Using Windows terminology, can HIPS Patch # (ex P7) be considered as SP# and HIPS contents as Hot Fix or MS#?

             

            Answer: Host Based Intrusion Prevention patch is a service pack; if you read the release notes, they explain the fixes. Part two is content, which is a signature set update or new signatures that are added, etc.

             

            Question 2: To upgrade HIPS 7.0.0.953 p3 to 7.0.0.1102 p7, is it required to upgrade HIPS sequentially?

            This means that HIPS must be upgraded from P3 to P4, then P5, P6 and finally to P7.

             

            Answer: In some cases you may need to, but in others you can go direct; again, the readme shipped will direct you.

             

            Hope this helps.

            • 3. Re: Difference in HIPS Product and Content Version
              DC-SG

              Thanks Carlo.


              So each HIPS version works differently depending on instructions.


              DC-SG

              • 4. Re: Difference in HIPS Product and Content Version
                carlob

                Hi DC-SG,

                 

                Not really, the components are as follows:

                 

                Host Based Intrusion Prevention - Protects applications like SQL from injections, and looks at odd behavior and stops it

                 

                Application Control - Creates a whitelist of applications that are allowed to be executed on a machine, so you can enforce this even if the user has admin rights (cool)

                 

                Firewall - Scans traffic both in and out of the device and can perform 'quarantine' of the machine if the DAT file etc. is out of date, and can do things like switch off Bluetooth etc.

                 

                On the whole, a great product.

                 

                Be careful, as this product can enforce policies, if deployed incorrectly, that can impact your network.