5 Replies Latest reply on Jan 16, 2009 8:51 AM by recursive

    HIPS 7.0 P3 Slow GUI

      Hi,

      When I try to open HIPS GUI by doubleclicking mcafeefire.exe, it takes around 5 minutes to show up (the window is opened, but content is not shown, and windows says "not responding") when I'm connected to LAN.

      If I unplug my ethernet, it shows up in 5 secs!

      The version is 7.0.0 Build number 953. Agent version is 3.6.0.603 and epo server is 3.6.1

      Any ideas?

      PS:This is not limited to 1 client, all deployed clients are experiencing the same issue.

      Edit: I've seen that several connection attemps are being made to an IP address with tcp 139 and 445 ports. But the tried ip address is an old file server's ip address, which is not present atm. And then a successful connection is established with another ip address tcp/139 and 445, which is another server, randomly.. Those ip address is not related with any mcafee software.
        • 1. RE: HIPS 7.0 P3 Slow GUI
          Have you tried launching it from the firetray.exe?

          My other question is how did you install HIP? CMA, local install, or third party tool?

          -R-
          • 2. RE: HIPS 7.0 P3 Slow GUI
            Hi,

            Thanks for the reply, I've tried firetray.exe, however, it does not do anything. (tray icon is disabled by policy)

            HIPS is installed by CMA.
            • 3. RE: HIPS 7.0 P3 Slow GUI
              Have you turned off all of the HIPs modules?
              IPS, application protection, firewall, etc...

              If all of the modules are off and it's still occurring, open a ticket with support.

              -R-
              • 4. RE: HIPS 7.0 P3 Slow GUI
                Hi Raja,

                I didn't disable any functions of HIPS yet. I've given the tried ip address to a live server as an additional ip, now gui is fine, opening in 10 secs, next step would be capturing the transmitted packets with host and destined server.
                • 5. RE: HIPS 7.0 P3 Slow GUI
                  Results of the packet capture;

                  When I launch gui, its looking for the shares, and sending GET_DFS_REFERRAL requests to random servers.

                  The first tried ip address (which was an old server as I described before) was part of our DFS, but not any more.

                  Google search says its about Virusscan 8.0i , and to correct install patch 11, which is currently lower than our version (8.0i with a higher patch)

                  I guess its necessary to contact support sad