I am planning to deploy HIPS 7.0 Patch 3 to our estate very soon. We are currently in a UAT phase of rule testing, and during deployment I have come across an issue.
We need to be able to deploy HIPS manually, and not via the ePO console for 2 reasons.
1) The naming convention does not differentiate laptops from desktops in our ePO structure, and is not easy to manage. 2) A lot of our users are on VPN
A logon script has been created to firstly check if laptop or desktop, remove DTF 8.5, reboot then install HIPS. Now everything works fine, and ePO recognises that HIPS is installed on the client and the product details are updated correctly. Now comes the problem. We have a VPN quarantine script that checks if a valid Desktop Firewall is installed. Now when HIPS is deployed via the ePO console it creates registry keys under HKLM\Software\McAfee\HIP, including the "State" key which is the one i am interested in, as the quarantine will fail if State=0. When installed manually, there are no entries in the HIP branch so the quarantine script fails as it cannot find a valid state key, nor product version.
I had an idea of adding the "ePO created" keys afterwards (but you have to disable IPS in the mean time whilst the entries are added), but as soon as IPS is re-enabled the keys are "wiped" and set to default - i.e. no entries in this case.
Can anybody possibly tell me please
a) Why these entries arent added when a manual install is performed. b) Is there anywhere else in the registry that the State and Version keys reside.