4 Replies Latest reply on May 18, 2009 6:53 AM by SergeM

    HIPS 7 FW rule - cannot edit !?


      I have a problem on one of my ePO Servers.
      The server is running ePO 3.6 (*) and HIPS 7.0. (Not sure whether this post should be in the ePO Threads or here...)

      I recently modified two HIPS/Firewall rules and added specific rules for a program. The Program was identified by path (no fingerprint). Thing is the "path" actually only contained the program name, so I updated it to hold the entire path. After I did this, the rule became "uneditable". Whenever I open this rule, I get some unidentified IE script error and a blank screen.

      So now I can't edit those two rules.
      I tried duplicating the rules to modify them, but it didn't work.

      Does anyone have an idea about this problem?


      (*) I know ePO 3.6 is old, I'm trying to update all old DFW 8.x users to HIPS so I can upgrade the server.
        • 1. RE: HIPS 7 FW rule - cannot edit !?
          You didn't inadvertently update Java on that server, did you?

          I had a similar issue with the Trusted Networks policy after Java was updated on the server. It was fantastic; after adding a new network and clicking save it completely wiped the policy and made it uneditable. That brought a couple thousand machines to their knees pretty quickly.
          • 2. RE: HIPS 7 FW rule - cannot edit !?
            Thanks for the answer.

            I don't think so...
            Just checked and Java is at version 6 update 7 (1.6.0-07), so quite old.

            I've opened a case with McAfee since this is a big problem here.
            • 3. RE: HIPS 7 FW rule - cannot edit !?
              Go back to Java 5... HIPS policies and epo361 have serious issues with Java 6...

              Thankfully in epo4 you won't have to worry about Java... maybe one day Java will go away completely!
              • 4. Problem solved, somehow.

                Thanks, in the end, it wasn't Java... I suspect it was a DB error somewhere(*).

                The only workaround I found was to rewrite all those rules...
                Had to use a laptop to see what the rules actually were as I couldn't even view the rules on the server... Then rewrote new rules copying the old ones. Luckily I only had about 20 different rulesets.

                I managed to also merge a few special cases so as to have less different rulesets. And I did learn a bit about HIPS in the process (also found some weird things, see other thread on localhost handling).

                Problem solved, somehow (**).

                (*) I had "DB Full" messages on this server, so I purged and cleaned the events from the DB.

                (**) I'd opened a case with McAfee support about this. After three days, they just closed the case and considered it solved, even though they never provided any solution :mad: