5 Replies Latest reply on Feb 13, 2008 2:05 PM by metalhead

    Rollout HIPS 7 with Epo 3.6.1

      Hi guys

      How can I check in the HIPS packets to my repository? I want to push the HIPS installtion with the Epo Agent. The upgrade from DFW 8.5 to HIPS 7 works, but i don't know how to install or upgrade my DFW 8.5 Clients witch Epo.

      I'll hope somebody can help me.

        • 1. RE: Rollout HIPS 7 with Epo 3.6.1

          1. Install the HIPS 7 Server component first.
          2. Add HIPS 7 to your master repository.
          3. Confirm HIPS is NOT part of an existing deployment task
          4. Configure your policies
          5. Test by deploying to a few machines via local deployment task (disable inheritance on an individual node or group, then add HIPS as an Install item on the local deployment task)
          6. If successfull... Add to your Global Deployment task
          Monster Monster MONSTER Caveat of death in my case
          McAfee Document ID: 612704
          - If you Run the Cisco VPN client make 100% sure you have not installed The Firewall component, if you have remove it first (oh the joy). Doesn't matter if it's On or not you must remove the DLLs and registry entries. This KB states it's an issue it's running, in our case it was an issue just being installed and teir 3 had us follow these steps (after BSD'ing multiple machines in the field)

          McAfee and VPN do NOT play nice (we've had FW issues in the past that McAfee released SP's for)

          McAfee Document ID: 614281
          The following Virtual Private Network (VPN) clients have been tested and are currently supported with McAfee Host IPS 7.0:

          • Cisco VPN3000 4.8.00
          • Nortel Contivity VPN Client 6.01
          • CheckPoint VPN Client R56_548000619
          • CheckPoint VPN Client R60 HFA2
          • F5 Firepass 1200 6.0.1 (6010,2007,223,319)
          • 2. RE: Rollout HIPS 7 with Epo 3.6.1
            Monster caveat of death 2.0

            Ensure all clients are running CMA (3.6 patch 3) before rolling out HIPS.

            +++ mcAfee bullentin +++
            McAfee Common Management Agent (CMA) 3.6 Patch 3 is available for download to licensed customers from McAfee ServicePortal:
            It is highly recommended to install this patch to remediate of the below critical issue:
            The Common Management Agent corrupted the
            server.xml and/or compiled.xml files when it
            compiled policies.
            The Common Management Agent now locks the
            server.xml and compiled.xml files as a single
            unit. This greatly decreases the likelihood of
            the policy compilation process corrupting these
            • 3. RE: Rollout HIPS 7 with Epo 3.6.1
              ok and how can I add HIPS 7 to my master repository? I don't find any *.nap or *.z file to check in
              • 4. RE: Rollout HIPS 7 with Epo 3.6.1
                The agent is a seperate download and not included with the server component.
                • 5. RE: Rollout HIPS 7 with Epo 3.6.1
                  The NAP is automatically added via installing the "server component" of HIPS. Remember that there is already the 7.0.1 version of the server component available for eP 3.6.1.