9 Replies Latest reply on Jun 26, 2015 11:19 AM by protector

    HIP 8.0 Loses EPO Firewall ruleset?

      Anyone see this issue? It's been random, so I am not really sure what starts it.

      While working on my test PC to build an 8.0 ruleset I have Learn Mode enabled for outgoing only (IPS enabled, Host and Network). Every now and again the Firewall will ask for approval on programs I know I have set in the EPO rule set. I open the HIP client and look at the firewall rules, and all the rules enforced by EPO are gone. If I open the agent and click enforce policy, the rules will all be populated again and the popups will stop. Also note that when I do an enforce policy I do not need to be connected to the network where the EPO server resides, so the agent is able to pull them from its policy cache. Also, I enforce policies on this system every 15 minutes, so if I wait till the policy auto-enforces again the rules will come back as well.

      Feels like a bug in the system, but this has only happened about 7 times in the last month, though it has happened on all 4 of my test boxes. Plus I have two different EPO HIP 8 policies, one for internal PCs and one for external, and the issue seems related to the client program and not the policy. However, I have not ruled out EPO or agents as a possible issue. I have opened an issue with McAfee, but it is so random it is hard to actually show them this.

      Environment:

      Windows 7 SP1 x64 (fully patched for MS security updates)

      HIP 8.0 Build: 1741

      Security Content Version: 8.0.0.3900

      EPO 4.6

      Agent: 4.6.0.1694