Ive also noticed that randomly HIPS will lose firewall rules between reboots. Its not all rules, just some.
Id love a client 'export' ruleset feature. It would allow me to back up my rules until the flakyness of this 8.0 release.
Otherwise its a good product.
We are seeing this in a big way too. It seems to mainly be on XP running HIPS 8. But, it could be just HIPS 8. Is there anyone "in the know" that can shed some light on this?
Im running Windows 7 Ultimate x64
Backup the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HIP\Config\Firewall\Rules this contains the local firewall ruleset.
For some reason the client detetcts the rules were there:
11/23/2011 22:09:06 pgpRegistry.cpp ERROR (1640) RegDBGetKey2() - failed to open key "Software\McAfee\HIP\Config\Firewall\Rules\111". Error = 19.
11/23/2011 22:09:06 HpmRegistry.cpp ERROR (1640) saveFirewall() - failed to open/create registry key "Software\McAfee\HIP\Config\Firewall\Rules\111"
11/23/2011 22:09:06 HpmRegistry.cpp ERROR (1640) saveFirewall() - failed to create key for entity "Dynamically Created Via Learn Mode". The entity will be skipped and processing will continue
It looks like the FireSVC tried to write the firewall ruleset to registry, failed and on next reboot they were gone.
I have a platinum case open regarding this issue. Hopefully, we can get to the root cause of this.
Another reboot, and ruleset lost again.
Very strange. I suggest backing up HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HIP\Config\Firewall\Rules
Well I want to add:
Patch1 has seemed to reduce the amount this happens however it still does happen. i never 100% lose the ruleset but always happens when I switch from either a wireless to wired network or back. (WAN/LAN switching on HP laptops) I have only Tested Windows 7 SP1 since Windows XP and HIP 8 is horrbily broken in my enviroment. Basically HIP 8 installed on Windows XP SP3 will not connected to a wireless network 80% of the time. It either cannot see any networks or cannot get IP address. This is even with the firewall installed but not turned on. All drivers for networking and PC up to date. All patches for OS up to date. (That is OT though, we are only deploying HIP 8 to Windows 7 computers)
Has anyone managed to completely resolve this yet?
Did Platinum support ever solve this?
We are on HIPS 8 Patch 5 and this issue is occurring to us now. Has anyone resolved this yet?