3 Replies Latest reply: Oct 27, 2008 3:29 PM by bxs RSS

    Turn off firewall logging in HIPS

      We are in the process of deploying HIPS 7.0. Unfortunately, by default, the firewall portion of HIPS is logging all BLOCKED traffic on every client machine.

      I'd like to turn this off as it is not necessary to be running all of the time. I do not see any policies specific to this in ePO. Using regshot (before and after comparison of the registry) after unchecking the 'log all blocked traffic' it appears at the FireNetPrefs.txt file is being altered. I suspect this is where the setting is stored...however this file is not human-readable at all (despite the .txt extension).

      Has anyone had a similar quandry - if so, how did you solve? (p.s. manually turning this off on each machine is not an acceptable solution for 4000+ workstations).

        • 1. RE: Turn off firewall logging in HIPS
          According to McAfee that is no way this can be done via ePO or something easy like a reg key.

          I submitted a FMR but not too confident that it'll go anywhere.
          • 2. RE: Turn off firewall logging in HIPS
            The log only grows to 1 meg and then appends. The log is in plain text.
            The impact to log blocked traffic is so small it can't be measured.

            The only way to turn it off is to open the local UI and un-check it.

            • 3. RE: Turn off firewall logging in HIPS
              Yes I understand - but to some people it looks like "just another app that is needlessly logging and causing disk reads, memory, etc...read: slowness" and we've recently been on a big kick to eliminate that sort of thing.

              With that being said, it would've been nice to at least turn it off easily. McAfee has a bad enough reputation as it is ... heh.