I have a query showing endpoints that have HIPS 8 installed, have added some extra columns to show the status of the firewall . hostIPS, Network IPS and what the polices are that have been applied to each HIPS 8 device.
The issue I have out of the 12 devices that we have piloting HIPS only 2 of the devices show the correct infomation. The other 10 only show the product version and hotfix / patch level. For the information of the status of Firewall, Host IPS and Network IPS it shows as Unknown, also the name of the applied policy is blank.
I have checked the information in ePO for each device not showing the correct information and they are all reporting correctly. e.g. shows applied policy and the actually status of the services. It's just the query not showing the correct information .
Any ideas ?
Forgot to say all devices and Windows XP, all running agent 4.5.1852 and all running HIPS 126.96.36.1998
Create a client task within ePO that is an Agent Wakeup. Be sure it has "All properties" selected like this screen shot.
I like to execute this task "at startup" + 10 minutes on all my endpoints. This looks just like a regular wake up call... but it isn't. Try running this task on the endpoints and see if it fixes the issue you are having. Normally this will correct errors with incomplete properties. That sounds like it might be related to your problem. But even if it isn't, this won't actually cause any harm at all.
Message was edited by: petersimmons on 10/9/12 12:08:42 AM EDT
Have tried want you recommended but it hasn't helped sorry.
Still getting Unknownfor Firewall, Host IPS and Network IPSstatus and the applied policy field is blank.
For these pilot systems, were the HIPS modules deployed in the same fashion? Meaning were they all HIPS 7 systems upgraded to HIPS 8, or were they new systems with HIPS 8 fresh installs? It may not matter, just trying to discern the differences between the ones that work and those that dont work.
Hey Steve, I would check the managed system properties to ensure that there are no recent/excessive sequence errors. If there are recent/excessive sequence errors, I would either do a reinstall of the agent (c:\program files\mcafee\common framework\frminst.exe /forceuninstall) or mark the system as having a duplicate GUID (from the system properties, Actions > Directory Management > Move GUID to duplicate list and delete system). But whether you have sequence errors or not, I would delete the system from the system tree and force the agent to check back in.