5 Replies Latest reply on Dec 1, 2008 8:01 PM by Raja

    HIPS V7 (patch2) on vista 64bit

      Would be interested to know if anyone has a similar setup.

      I have a 64-bit version of vista, and noticing some wierdness with HIPS. I'm see loads of de-activated HIPs icons appearing on the system tray (all with the small red 'disabled' icon) and one 'active' icon. Having a look at the access protection log its showing up loads of entries (as shown below)

      the version of HIPS is 7.0.0.8333 (patch 2) and the macafee agent is version 4. I've seen a reference to a HIPS patch 3 (KB Document ID: 616837) but can't see any sign of it on the download site.
      VirusScan version is 8.5 P6.. but get the same after I upgrade to VSCAN 8.7

      I'm also getting requests in relation to the svchost.exe and firesvc.exe consuming alot of CPU time on machines, they should all be on HIPS7 P2 so I'm hoping that maybe patch3 can sort this out?

      Thank in advance

      == log example ===

      20/10/2008 15:16:37 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\msiexec.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:38 Blocked by Access Protection rule NT AUTHORITY\SYSTEM **\HIPSVC.EXE C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:39 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:39 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:39 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:39 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:40 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:40 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:54 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

      20/10/2008 15:16:54 Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate