4 Replies Latest reply: Sep 26, 2013 10:24 AM by sawta RSS

    How to Re-Enable Host IPS from EPO




      am trying to find a way to renable a list of server that had the hips enabled. For some reason the check mark was uncheked and it would take a lot of time go one by one cheking them all again. Its there anyway from the EPO to make them Enable again? Thanks.


      My Environment:

      Epo 4.5 / 4.6

      Hips Version 7 /8

        • 1. Re: How to Re-Enable Host IPS from EPO

          For this instance, I would do the following:


          Create a "Managed Systems" query, select a table format, and in the "Filter" tab, select the "Host IPS Properties" section, select "HIPS Status" and select "disabled".

          Run this query to see if it gives you a list of systems with Host IPS Disabled.

          Save this query.

          Create a Tag in the "Tag Catalog". Call it something like "Turn on HIPS"

          Create a "Server Task", and set the "Actions" to "Run Query". For the "Sub Actions" field, select "Apply Tag". Select your new tag you just created.

          Schedule the task to run in like 5-10 minutes. Make sure you "save" the task.

          Configure your tag based policy assignment to assign a policy that has HIPS enabled. This will turn HIPS on when this server task is run, and your systems check in.


          This is of course assuming you have ePO 4.6 installed.

          • 2. Re: How to Re-Enable Host IPS from EPO

            This will work perfectly with the one's that says disable, but when i did the query i got many that had unknown in the status. What can i do with those?

            • 3. Re: How to Re-Enable Host IPS from EPO

              That is for you to decide. If you run the server task, the worst it can do is turn on HIPS, which is what you are aiming to do anyway.



              • 4. Re: How to Re-Enable Host IPS from EPO

                Hey, I'm sorry to reply to a message so late, but I just found this via Google.  For anyone else who might run across this same question, I created a modified version of the query that greatscott listed.  His orginal instructions were very close to what I wanted, but did not return any results in its orginal form.  (Basically I needed to run a query and find machines that had McAfee Security Status set to "service is not running" and gave me a red checkmark in the McTray.exe.)


                • Queries and reports
                • Managed Systems
                • Table, Sort By "System Name" (or however you want your results to be sorted)
                • Put in whatever for Chart Feild.  I only needed Last Communcation, System Name and IP Address, for example.
                • Host IPS Properties, Service Running (Host IPS) and leave the search field set as disabled
                • Run


                I didn't bother with the automated part, as I do not have authority over every system on my network and didn't want to mess with other peoples settings (although it's definatly good to message them about it! )


                At this point, if you want to do this by hand, all you need to do is:

                • access services.msc as administrator
                • McAfee Host Intrusion Prevention Service, Properties
                • Startup Type, Automatic, Ok
                • Right click the service, Start