This content has been marked as final. Show 5 replies
- Install the HIPS 7 Server component first.
- Add HIPS 7 to your master repository.
- Confirm HIPS is NOT part of an existing deployment task
- Configure your policies
- Test by deploying to a few machines via local deployment task (disable inheritance on an individual node or group, then add HIPS as an Install item on the local deployment task)
- If successfull... Add to your Global Deployment task
McAfee Document ID: 612704
- If you Run the Cisco VPN client make 100% sure you have not installed The Firewall component, if you have remove it first (oh the joy). Doesn't matter if it's On or not you must remove the DLLs and registry entries. This KB states it's an issue it's running, in our case it was an issue just being installed and teir 3 had us follow these steps (after BSD'ing multiple machines in the field)
McAfee and VPN do NOT play nice (we've had FW issues in the past that McAfee released SP's for)
McAfee Document ID: 614281
The following Virtual Private Network (VPN) clients have been tested and are currently supported with McAfee Host IPS 7.0:
- Cisco VPN3000 4.8.00
- Nortel Contivity VPN Client 6.01
- CheckPoint VPN Client R56_548000619
- CheckPoint VPN Client R60 HFA2
- F5 Firepass 1200 6.0.1 (6010,2007,223,319)
Monster caveat of death 2.0
Ensure all clients are running CMA 18.104.22.1684 (3.6 patch 3) before rolling out HIPS.
+++ mcAfee bullentin +++
McAfee Common Management Agent (CMA) 3.6 Patch 3 is available for download to licensed customers from McAfee ServicePortal:
It is highly recommended to install this patch to remediate of the below critical issue:
The Common Management Agent corrupted the
server.xml and/or compiled.xml files when it
The Common Management Agent now locks the
server.xml and compiled.xml files as a single
unit. This greatly decreases the likelihood of
the policy compilation process corrupting these
ok and how can I add HIPS 7 to my master repository? I don't find any *.nap or *.z file to check in
The agent is a seperate download and not included with the server component.
The NAP is automatically added via installing the "server component" of HIPS. Remember that there is already the 7.0.1 version of the server component available for eP 3.6.1.