1334 Views 2 Replies Latest reply: Dec 6, 2012 8:40 AM by StefanT
StefanT Apprentice 113 posts since
Jul 10, 2009

Nov 27, 2012 7:22 AM

HIPS 8 Doesn't Block Applications

Hi, I'm trying to set up application blocking using HIPS and have followed KB71794 ( https://kc.mcafee.com/corporate/index?page=content&id=KB71794 ) - To create an application blocking rules policy to prevent an executable from running (black list):


I have created the policy on the ePO server, set it as a High priority and on the IPS Protection policy High is set to Prevent, and assigned it to both a server and a workstation, both clients report receiving a new policy package and enforce it, however I can still run the application that I have blocked in the policy (as a test I am blocking notepad.exe and calc.exe).

 

No agent event is created; it's as if HIPS isn't seeing the signature at all. I also have previous custom signatures that monitor the hosts file for write action, and if I set the severity level of this to high - prevent I am also able to open the hosts file, modify it and save it. Again, HIPS takes no action when the severity is set to high - prevent (although it does at least log it this time).

 

Any ideas? Am I missing something? Both myself and a colleague have sat and looked at this and as far as we are concerned everything is set as per the KB article.

 

Stef

 

Message was edited by: StefanT on 27/11/12 13:22:40 GMT
  • Kary Tankink McAfee Employee 659 posts since
    Mar 3, 2010
    1. Nov 27, 2012 8:37 AM (in response to StefanT)
    Re: HIPS 8 Doesn't Block Applications

    You may want to open a Service Request with Support, so your custom signature and policies can be reviewed (privately). 
