Are you sure it is blocked by HIPS ? Is Virusscan Enterprise also installed - perhaps the Access protection feature is blocking the double extension ...
Yeah its blocked by HIPS, it comes up in the HIPS client user interface and also under HOST IPS 8.0 > Events, IPS Events where the detecting product name is HIPS
Even when I set the IPS protection to the default McAfee Warning one and wake up agent, this is still getting blocked.
In another test I also increased the protection to prevent medium (warning) severitiy intrusions however these were still being permitted.
It seems like the IPS protection settings however I set them are not being applied to the policy for some reason, any ideas pls?
Can you post the contect (properties or screenshot) of the event showing up in epo ?
After thorough mind boggling, I managed to get it working!!! Basically new policy changes are not enforced when the client UI is open and unlocked!! I closed the UI, woke up the agent and the new protection levels worked, very happy now!!
Lucklily read this by chance in the help section of ePO.
Cant believe there was no issue like this previously discussed in the forum however should hopefully help others in the future