This content has been marked as final. Show 7 replies
HIPS shouldn't install twice, I don't think its possible TBH.
Is it that its showing up twice under the machine properties in ePO? If so, try sending an agent wake up call to one of the machines and refresh the properties.
Actually just saw another post in the group
Are you running the same dat version?
Yes that is exactly it. Thanks it looks like I have the same problem as the other post ..... We are on DAT version 18.104.22.1681
In my experience you will see the install twice problem during ...
- 1st install
- Product updates
- DAT updates
What's interesting in your case is if the product actually installed a second time, if not why would it have generated the second record per node?
Not sure if there is a similar affect if HIPS is deployed via SMS/Tivoli etc. Which the more I see of these type of issues the less confidence I have in the ePO Admin based product management.
End result is your HIPS product reports are skewed all the time and the Intercept product (HIPS) apparently has yet to be fully McAfied. Seeing their history in the Firewall / IPS space this issue doesn't exactly make you comforatable does it?
My TAM still wants multiple MERs on this issue, he claims they have no records of the issue. More info here than with my TAM....... do they even have a QA lab for HIPS?
If you expand both HIPS products, Are the entries identical, I suspect one will show less than the other. The way the agent reports products means the the product can be displayed twice. Send an agent wake up call and check the "get full product properties". this should get rid of the second entry.
Exactly. An update of the system properties will remove the extra entry.
McAfee is aware of the issue and is currently investigating.
Please open a support case.
We have this problem on thousands of nodes.
This has been a problem for us with HIPS since we started deploying the product and is a recurring problem. It is not practical to do a force full update and wake up call on the number of clients we have.
I called McAfee a long time ago about this problem. Their solution was to send a wake up call with a force full inventory. This does fix the problem, but not is a way that is practical when you have 10,000 nodes and more than one thousand with the problem. Interestingly, it will not work to right click on a group and chose the same options (force full inventory) It will ONLY work if you do a wake up on an individual client.
This makes the reports for HIPS pretty much useless.
This issue doesn't have anything to do with the DAT. It's exposed by the DAT update. A wakeup call with full properties will purge the duplicate entries.
McAfee is currently investigating this issue.