1 Reply Latest reply on Nov 30, 2007 8:38 AM by Grafis

    Host Intrusion Prevention 6.1 Agent has been reposted to include patch 3

      Host Intrusion Prevention 6.1 Agent has been reposted to include patch 3 in the package.

      Refer to KB613990


      Issue: (Reference: 350239)
      Host IPS 6.1 agent version does not display
      correctly in ePO reports or product properties
      with Patch 1 applied.
      The version reporting for patches has been
      redesigned. Host IPS version reporting now includes
      the build number in the product About boxes and in
      ePolicy Orchestrator properties and reporting.

      Issue: (Reference: 348379)
      The firewall blocks traffic when the application
      is located in an NTFS-mounted folder.
      The firewall was unable to resolve the correct
      pathname of the application on a mounted partition.
      The path logic was modified to determine
      the correct path.

      Issue: (Reference: 338332)
      Data not available for SQL triggers with comments.
      The Host IPS client discarded details when the contents of
      IPS events were too large. The event handling was
      modified so sections are now truncated instead of

      Issue: (Reference: 347352)
      Host IPS About box reports while the ePolicy
      Orchestrator Agent reports Host IPS
      Host IPS components used different methods previously
      to report builds and versions. The Host IPS About box
      and ePolicy Orchestrator Agent About list both now use
      the same registry value for reporting builds and

      Issue: (Reference: 347342)
      Using * as a wildcard in the file name of an
      Application Blocking rule does not work correctly.
      The Application Blocking file name * wildcard only
      worked when the asterisk was placed at the beginning
      of the file name. The wildcard handling was updated
      so the asterisk will also work in the middle and end
      of an Application Blocking file name.

      Issue: (Reference: 356345, 356349)
      Host IPS policies are not applied to client
      systems with non-administrator users logged on.
      Host IPS policies on all Windows-authenticated
      users allow modification to Host IPS registry keys.

      Issue: (Reference: 359709)
      ProE application load time slowed when Host IPS and
      Firewall are disabled.
      Unnecessary hashing caused long loading delays for
      remote applications. The remote hashing procedure is
      now disabled if the Firewall is disabled.

      Issue: (Reference: 360814)
      FTP commands do not work when Host IPS service is
      disabled and the Firewall module deactivated.
      The firewall driver becomes locked down, as a
      security feature, when the Host IPS service is
      disabled. The firewall driver now detects when the
      Host IPS service shuts down and places itself into
      a pass-through state if the firewall module is

      Issue (Reference: 346561, 341544, 350245, 355395,
      The FireSvc.exe process maintained an elevated
      level of CPU Usage.
      FireSvc threads were unable to access a corrupted
      internal data structure. Synchronization and
      locking methods now protect the data structure and
      exception handling was improved.

      Issue (Reference: 327209, 335830)
      The Explorer.exe process fails at system startup
      and causes a blank desktop.
      A conflict occurred between the IPS and Application
      Blocking features. A synchronization mechanism has
      been added between IPS process monitoring and
      Application Blocking to provide dependable process

      Issue: (Reference: 339694)
      Firewall allow rules in a Connection Aware
      Group do not permit communication with an
      ActiveSync device.
      The long delay that prevented the firewall from
      receiving the IP address of an ActiveSync device
      has been resolved.

      Issue: (Reference: 334683)
      Application Blocking protection prevents running
      an SMS script from a UNC path despite a rule
      allowing the script execution.
      The parent process maintained an exclusive lock
      on the script file, which prevented the Host IPS
      client from reading the file for file hashing.
      The Host IPS client has been updated to allow
      application execution when the application is
      included in a path-only rule.

        • 1. Installing....
          Yes! A build release with patch built in! Yes! Yes but.... does anyone have the ENGLISH translation for the install notes? I'm confused as the notes are 90% about Patch 3 standalone?

          1. When the install references "patch 3" are they talking about Build 506 which I've downloaded (HIPS with Patch 3 built in) or are they just left over from a cut n paste job?
          2. Does Build 506 require a reboot, or just patch 3 per the install notes?
          3. If so does Build 506 require a reboot only when upgrading or also for 1st time install?
          4. Is a reboot required when upgrading p1 or p2 clients?
          5. Why would I keep Patch 3 in the repository if Build 506 updates all post p3 6.1 installs?
          6. Why are there instructions to run "McAfeeHIP_ClientPatch3.exe" when it's not in the download and it's not relevant to the download?
          7. Will my clients see "Service Error #31" with Build 506 or just with Patch 3?
          8. If I don't check "notify of reboot" will the system silently reboot without notice or will it wait for the user to reboot?
          9. AND most critical of all WTH is the final note about? Patch 3, Build 506?? TWO Reboots? Does the app reboot, the user. What?

          Issue: (Reference: 328407)
            Firewall rules within a Connection Aware Group
            are promoted to root level upon initial Host IPS client installation.
            Fixed a caching issue in the Host IPS ePolicy
            Orchestrator plug-in.


          Host IPS Client 6.1.0 Patch 3 will update a client
          containing Host IPS Client 6.1.0 (Build 506) or
          later. It will not update a previous version.
          Patch 3 is language independent and will update
          English and non-English systems.

          An administrator can install this release by
          adding the package to the ePolicy Orchestrator
          repository for deployment via an ePolicy
          Orchestrator agent Update task.

          Note: New Host IPS client installations deployed
          using ePolicy Orchestrator, will automatically
          receive Patch 3 if Patch 3 is checked in to the
          ePolicy Orchestrator repository.

          Patch 3 can also be installed locally by running
          the patch binary on the target system.
          1. Disable the Host IPS protection from ePolicy
          Orchestrator or the local client UI.
          2. Run McAfeeHIP_ClientPatch3.exe
          3. Enable Host IPS protection
          4. Restart the system

          Patch 3 requires a reboot to complete installation
          for Host IPS Client 6.1.0 (pre-Patch 1) systems.
          Systems upgraded through ePolicy Orchestrator, with
          the user logged in, will prompt for reboot if the
          "Prompt user when software installation requires
          reboot" option is selected in the ePolicy Orchestrator
          Agent software configuration settings. ePolicy
          Orchestrator upgrades, with no user logged in, or local
          upgrades performed using third party tools such
          as SMS, will not prompt for a reboot. If deploying
          Patch 3 via a third party application, force a
          reboot after installation. The ePolicy Orchestrator
          Agent will not update any other product or DAT until
          the required system restart occurs.

          Systems running at least HIP Client 6.1.0 Patch 1
          do not require a reboot after applying Patch 3.

          On the first restart after the Patch 3 install,
          the Host IPS client Activity Log may display the
          following message:
          "Service Error #31"
          This is a benign message and does not impact the
          Host IPS client operation.

          Note: Systems which require a fix for issue
          328407 may need a second reboot to reload the drivers
          replaced during system startup.