1485 Views 4 Replies Latest reply: Sep 26, 2013 10:24 AM by sawta RSS
blackinux Newcomer 41 posts since
Jul 28, 2011

Aug 13, 2012 5:40 PM

How to Re-Enable Host IPS from EPO

Hi,

I am trying to find a way to re-enable a list of servers that had HIPS enabled. For some reason the check mark was unchecked, and it would take a lot of time to go one by one checking them all again. Is there any way from the EPO to enable them again? Thanks.

 

My Environment:

Epo 4.5 / 4.6

Hips Version 7 /8

  • greatscott Champion 287 posts since
    Jul 18, 2011
    1. Aug 14, 2012 6:56 AM (in response to blackinux)
    Re: How to Re-Enable Host IPS from EPO

    For this instance, I would do the following:

     

    Create a "Managed Systems" query, select a table format, and in the "Filter" tab, select the "Host IPS Properties" section, select "HIPS Status" and select "disabled".

    Run this query to see if it gives you a list of systems with Host IPS Disabled.

    Save this query.

    Create a Tag in the "Tag Catalog". Call it something like "Turn on HIPS"

    Create a "Server Task", and set the "Actions" to "Run Query". For the "Sub Actions" field, select "Apply Tag". Select your new tag you just created.

    Schedule the task to run in like 5-10 minutes. Make sure you "save" the task.

    Configure your tag based policy assignment to assign a policy that has HIPS enabled. This will turn HIPS on when this server task is run, and your systems check in.

     

    This is of course assuming you have ePO 4.6 installed.

  • greatscott Champion 287 posts since
    Jul 18, 2011
    3. Aug 15, 2012 7:20 AM (in response to blackinux)
    Re: How to Re-Enable Host IPS from EPO

    That is for you to decide. If you run the server task, the worst it can do is turn on HIPS, which is what you are aiming to do anyway.

     

  • sawta Newcomer 4 posts since
    Jul 18, 2013
    4. Sep 26, 2013 10:24 AM (in response to greatscott)
    Re: How to Re-Enable Host IPS from EPO

    Hey, I'm sorry to reply to a message so late, but I just found this via Google. For anyone else who might run across this same question, I created a modified version of the query that greatscott listed. His original instructions were very close to what I wanted, but did not return any results in their original form. (Basically I needed to run a query and find machines that had McAfee Security Status set to "service is not running" and gave me a red checkmark in the McTray.exe.)

     

    • Queries and reports
    • Managed Systems
    • Table, Sort By "System Name" (or however you want your results to be sorted)
    • Put in whatever for Chart Field. I only needed Last Communication, System Name and IP Address, for example.
    • Host IPS Properties, Service Running (Host IPS) and leave the search field set as disabled
    • Run

     

    I didn't bother with the automated part, as I do not have authority over every system on my network and didn't want to mess with other people's settings (although it's definitely good to message them about it!)

     

    At this point, if you want to do this by hand, all you need to do is:

    • access services.msc as administrator
    • McAfee Host Intrusion Prevention Service, Properties
    • Startup Type, Automatic, Ok
    • Right click the service, Start
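
The manual services.msc steps above, scripted in PowerShell as an added example (not part of sawta's post and not McAfee tooling). It assumes Windows PowerShell 3.0 or later in an elevated session; the display name is the one quoted in the post, and the function name and the host-list file name are hypothetical.

```powershell
# Added example: scripted form of the manual services.msc steps. Run elevated.
# The display name is the one quoted in the post; the real service name is
# resolved from it rather than hard-coded.
$HipsDisplayName = 'McAfee Host Intrusion Prevention Service'

function Enable-HipsService {
    param([Parameter(Mandatory)][string]$DisplayName)

    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $svc) {
        # HIPS not installed (or named differently) here: report it, change nothing.
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Result = 'ServiceNotFound'
                                  Status = $null; StartMode = $null }
    }
    try {
        # "Startup Type, Automatic, Ok"
        Set-Service -Name $svc.Name -StartupType Automatic -ErrorAction Stop
        # "Right click the service, Start"
        if ($svc.Status -ne 'Running') {
            Start-Service -Name $svc.Name -ErrorAction Stop
            $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
        }
        $result = 'OK'
    } catch {
        # Access denied, start failure or a 30-second timeout all land here.
        $result = "Failed: $($_.Exception.Message)"
    }
    # Re-read the state after the change so the report shows what is actually set.
    $svc.Refresh()
    $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Result = $result
                       Status = $svc.Status; StartMode = $wmi.StartMode }
}

# Local machine:
Enable-HipsService -DisplayName $HipsDisplayName

# Several machines over PowerShell remoting (WinRM must be enabled on the targets).
# hips-disabled.txt is a hypothetical file with one host name per line, for
# example the systems returned by the ePO query above.
# $servers = Get-Content .\hips-disabled.txt
# Invoke-Command -ComputerName $servers -ScriptBlock ${function:Enable-HipsService} `
#     -ArgumentList $HipsDisplayName
```

A `StartMode` of `Auto` with `Status` of `Running` in the output corresponds to the end state of the manual steps.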
