5 Replies Latest reply on Nov 27, 2007 9:30 AM by mdyer

    HIPS 7.0 has been released


      Yesterday, I noticed that HIPS 7.0 was available for download under our grant number.

      Below are the new features.

      Release Notes for McAfee® Host Intrusion Prevention 7.0.0

      New features

      New and updated features in the current release of the software are described below:

      * Windows Vista 32-bit and 64-bit support.
      * Windows 2003 64-bit support.
      * Terminal Server and multiple user sessions support.
      * Network Connection Isolation, which prevents undesirable traffic from accessing a designated network via other active network interfaces on a computer, such as a wireless adapter connected to a wi-fi hotspot.
      * Boot-time quarantine that keeps a computer quarantined and blocks network connections at start-up until a firewall policy is loaded.
      * Troubleshooting enhancement that allows client troubleshooting to be performed from the ePolicy Orchestrator console.
      * IPv6 Support: Where an IP address is required, the user interface will accept both IPv4 and IPv6 addresses.
        • 1. RE: HIPS 7.0 has been released
          Just reading the release notes and it reads like an alpha or beta release, it's got a huge amount of issues.

          Definitely waiting till patch 1, shame as we have a few 64 bit machines with no protection ATM.

          Guess I'll be the guinea pig till patch 1. Anyone else running this yet? Any big problems?
          • 2. Been running it since beta

            The only problem I've run into is a really complex issue with VMware bridged mode. Basically the firewall isn't acting statefully so I have to manually open up inbound ports to get around the issue (it's at tier III right now and I expect it to be resolved soon). Other than that problem, no issues at all.
            • 3. RE: Been running it since beta

              What ports do you have to open?

              We have an issue with XP VMs running on ESX servers. Sometimes RDP sessions do not work. A reboot is required.
              • 4. Manually specify ports
                We have to manually open whatever port is needed by the specific application for the return response. For example, if I do an outbound DNS lookup request I have to have a rule that opens up the port for the inbound reply (53) and this rule has to be for all IPs. If I try to write a rule that targets only the bridged address the reply will get blocked. It's an ugly problem but I expect that we'll get it resolved shortly.
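
Added example (not part of the post above and not McAfee code): a minimal Python model of the difference between stateful filtering and the static "open port 53 for all IPs" workaround described in reply 4. It assumes the static rule matches on remote source port 53; the class names, addresses and packets are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: addresses and ports below are sample values.
Packet = namedtuple("Packet", "direction src sport dst dport proto")

class StatefulFilter:
    """Admits an inbound packet only if it answers a tracked outbound flow."""
    def __init__(self):
        self.flows = set()

    def check(self, p):
        if p.direction == "out":
            # Remember the flow so the mirrored reply can be matched later.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return True
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows

class StatelessFilter:
    """Workaround from the thread (assumed shape): a static rule admits
    inbound traffic from any IP whose source port is listed (53 for DNS)."""
    def __init__(self, allowed_reply_sports):
        self.allowed = set(allowed_reply_sports)

    def check(self, p):
        return p.direction == "out" or p.sport in self.allowed

def evaluate(fw, packets):
    """Return the allow/deny verdict for each packet, in order."""
    return [fw.check(p) for p in packets]

HOST, RESOLVER, OTHER = "10.0.0.5", "10.0.0.53", "203.0.113.9"
SAMPLE = [
    Packet("out", HOST, 40000, RESOLVER, 53, "udp"),  # DNS query
    Packet("in", RESOLVER, 53, HOST, 40000, "udp"),   # matching reply
    Packet("in", OTHER, 53, HOST, 40000, "udp"),      # unsolicited, sport 53
    Packet("in", OTHER, 4444, HOST, 40000, "udp"),    # unsolicited, other port
]

if __name__ == "__main__":
    print("stateful :", evaluate(StatefulFilter(), SAMPLE))
    print("stateless:", evaluate(StatelessFilter({53}), SAMPLE))
```

The third packet is the one to watch: the static rule admits it although no query was ever sent to that address, which is why such a rule is worth removing once stateful handling works again.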
                • 5. HIPS 7.0 and VMware Bridged Network issue

                  Did you get a response on the VMware Bridged Network Stateful Firewall issue?

                  When I deployed HIPS 7.0 globally for 7000 desktops, now all VMware workstation sessions cannot communicate to other network resources unless either I turn off the firewall or change Ethernet settings from Bridged to NAT.

                  NAT might be the workaround but there are a few VMware sessions that require real IP addresses that were issued by the corporate DHCP server.

                  If you have any idea or workaround, please let me know. Thanks,