6 Replies Latest reply on Nov 21, 2011 6:50 AM by orangefive

    Epo 4.6 (1029) HIPS Content Version reporting

    orangefive

      My EPO server seems to have stopped reporting HIPS information and reports a blank content and client HIPS version.  I have approx 175 machines reporting in this way.  It does display previous Contents of 8.0.0.3900 and 8.0.0.3709 ... I have 8.0.0.4034 installed and in eval branch deployed to test machines but no version later than 3900 is displayed????

        • 1. Re: Epo 4.6 (1029) HIPS Content Version reporting
          pierce

          I find that using the HIPS7 reports don't show the HIPS8 details and vice versa... check your reports are looking at the correct data.

           

          Also, do you have your daily/weekly update task set to push out DATs and HIPS packages? That would also be something to look into.

          • 2. Re: Epo 4.6 (1029) HIPS Content Version reporting
            orangefive

            Thanks for taking time to reply.

             

            Our HIPS 7 clients are still on our old EPO 4.0 server that we are migrating to the new 4.6 server - they update to 8.8 - hips 8 when transferred.  The reports are (have) collecting the data for HIPS 8 and content updates to .3900 but interestingly it may only be up to a certain time as no new machines with later DATs get reported in the default HIPS content version reports on the 4.6 server.  Seems like the DB has stopped updating new clients, as if I delete an existing one it is removed from the stats.

             

            I have a daily full update early hours task to update full/all products and then an evening update just for DATs if they are updated.  I have checked the Full update job and HIPS content is included.  New HIPS clients don't report content or HIPS client versions.

            • 3. Re: Epo 4.6 (1029) HIPS Content Version reporting
              pierce

              Hey,

               

              Still sounds like you're using HIPS7 default reports to query HIPS8 installs and it's not showing you anything.

               

              Here is a mini example from my setup that is 70% HIPS7 and 30% HIPS8.

              hips.png

               

              Those '100' are all on HIPS8 but this report doesn't seem to understand that.

               

              If you look under reports there is a Host IPS section and a Host Intrusion Prevention section; one works for 7 and one for 8. Find the report you're running under both and see what it shows?

               

              Of course I might be barking completely up the wrong tree with all of this....

              • 4. Re: Epo 4.6 (1029) HIPS Content Version reporting
                orangefive

                Thanks for the reply - been on holiday this week - I'll post a screen pic when I'm back - it clearly shows HIPS CONTENT versions except the last 2 which are blank.  The Client versions screen works ok - I'll take a look though but have not installed any HIPS 7 products on my new 4.6 EPO build - thanks for the pointer though, I'll check it out.

                • 5. Re: Epo 4.6 (1029) HIPS Content Version reporting
                  kink80

                  I think pierce is right that there are two distinct queries, one from HIPS 7 and one from HIPS 8. I have included a screenshot of my test EPO server; the top report is from the HIPS 7 query and the bottom is from the HIPS 8 query.

                   

                  HIPSContent.jpg

                  • 6. Re: Epo 4.6 (1029) HIPS Content Version reporting
                    orangefive

                    Just did my query from scratch ensuring HIPS 8 content versions selected and it is the same thing...  My HIPS content as it is displayed.....

                     

                    av1.jpg

                     

                    When I go into the Blank 184 clients there are machines with 8.0.0.3900 - and HIPS 8 installed but are not displaying any client or content versions.  Example:

                     

                    av2.jpg

                    When I click on HIPS within products when selecting machine it displays content and client versions...

                     

                    av3.jpg

                     

                    Something else odd with HIPS is that I am checking in the new content into a test part of the tree which has a McAfee agent policy to install the evaluation DAT which is 8.0.0.4034.4034 but that is not installing or reporting anywhere.