This content has been marked as final. Show 4 replies
Did you install patch 2 before installing SP3?
What you've described is what happens when you install SP3 first and then install patch 2.
You'll need to download HIP 7.0 patch 2 full agent install and remove what's there and re-intsall it. Otherwise the IPS module will never function properly.
Thanks for your reply.
To answer your question. HIPS product was never upgraded. All of our installs were done with HIPS 7 integrated with Patch2.
So machines that have Windows Service Pack 2 are crashing and the machines having XP Service Pack 3 are working fine.
I have the debug logging enabled so hopefully it's just a signature that needs to be turned off.
There is a difference between crashing and locking up. Is the computer blue screening?
Do you have the computer set to save a full memory dump?
The best way to figure out what's going on is to enable "crash-crtl-scroll" and get a full memory dump to support. When the computer locks up you initiate a blue screen.
How to enable "crash-crtl-scroll", http://support.microsoft.com/kb/Q244139
Engineering will need to look at the dump to see what's going on. More than likely some sort of dead-lock.
Thanks for your reply. We've finally narrowed down the problem to a conflict between McAfee HIPS 7 and Citrix EdgeSight 4.5. Apparently EdgeSight is not compatible with it. We've temporarily removed winlogon.exe from the list of protected applications which resolved our problem, until either McAfee or Citrix release a fix for it.