Which exact file are you seeing over 100mb? The Activity log reads from the raw data event.log file. This file should be no larger than the file size set in the HIPS General Client UI policy (Troubleshooting tab). Other HIPS log files will be up to 100-125mb each (especially if the system has Host IPS debug logging enabled).
The log is: c:\programdata\McAfee\Host Intrusion Prevention\HipShield.log. Judging from your response, maybe this is not the log which is referenced in the Client UI settings then. In any case, assuming this is a different animal, is there a way to modify settings for the above log to have it rotate at smaller sizes?
Thanks for your response!
Correct, the hipshield.log file is not the HIPS Client UI Activity log. The hipshield.log file will grow up to 125mb (when client logging is enabled; disabled by default). You can modify the (other) HIPS logs via the below KB article.
KB51517 - Host Intrusion Prevention 7.0 agent logging and troubleshooting on Microsoft Windows
Thanks Kary, now that's more like it! This I can deal with. Not wanting to push my luck, but since these keys don't come out of the box loaded in the registry and have to be inserted, I was wondering if there may be a way to have them installed with the settings we would like at initial installation from a client task. Is there a switch that can be used for this? Since IPS needs to be disabled on a HIPS client prior to modifying this registry point, I don't see SCCM or a GPO doing this. Just asking...
I was wondering if there may be a way to have them installed with the settings we would like at initial installation from a client task. Is there a switch that can be used for this?
Sorry, no, these registry keys would have to be done outside of client deployment.