9 Replies Latest reply: Dec 18, 2012 6:56 PM by norbertg RSS
      • 1. Re: Host Intrusion Prevention Content failing to update
        nd_4_spd

          Do you do the content pulls manually or with a server task? If you have a server task verify it is configured to pull the HIPS content.

        • 2. Re: Host Intrusion Prevention Content failing to update
          norbertg

          It should be Auto, although I probably accidently deleted it months ago. Do you know what the default pull job is called? Can you run me through how to create a new pull task? I don't use EPO that often nor do we have a dedicated Admin in our Org.

           

          Thanks.

          • 3. Re: Host Intrusion Prevention Content failing to update
            nd_4_spd

            The default task name is Update Master Repository. You seem have a task keeping your VDAT package up-to-date at a minimum you can just add the HIPS content to that task if the Update Master Repo has been removed.

            • 4. Re: Host Intrusion Prevention Content failing to update
              norbertg

              The Update Master Repository is succeding. I couldn't find anywhere to add HIPC to the task. I may have removed it from extensions by accident?

               

              Here is the pull log for Update Master Repository over night:

               

              12/17/12 6:59:35 AM INFO Skipping package Current\VIRUSCAN8700\8.7.0\LangPack\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\VIRUSCAN8600\8.5.0\LangPack\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\LMASECORE2000\2.2.0.9309\SpamEngine\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\PATCHTMP1000\626\Templates\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\PATCHTMP2000\401\Templates\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\DBSECDVMMETA\78.871\DVMCHECKS\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\MASECORE2000\2.2.0.9309\SpamEngine\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\SUPPMVTCT1000\1.0.9.213\MVTContentUpdate\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\ENCPTCNT6000\8.0.0.4671\DAT\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\AMCORDAT1000\1240.1\DAT\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\AUENGINEMETA\1094\BMContent\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\Findings\1069\FNDContent\\0000, no managed product installed

              McAfeeHttp 12/17/12 6:59:36 AM INFO Downloading package Current\VSCANDAT1000\6928.0000\DAT\0000

              McAfeeHttp 12/17/12 7:09:53 AM INFO Checking in package Current\VSCANDAT1000\6928.0000\DAT\0000

              McAfeeHttp 12/17/12 7:09:59 AM INFO Package Current\VSCANDAT1000\6928.0000\DAT\0000 checked in

              • 5. Re: Host Intrusion Prevention Content failing to update
                nd_4_spd

                This bolded line below is showing that the product is not managed. If you removed the extensions for HIPS then the product will no longer be managed (content will not be updated and clients will not longer recieve policy). Verify this in the Menu -> Software -> Extensions. Hopefully you still have Host Intrustion Prevention listed in the left column, if so you should see the HIPS related extensions that are checked in on the right once you select HIPS.

                 

                Norbert Gregoczki wrote:

                 

                The Update Master Repository is succeding. I couldn't find anywhere to add HIPC to the task. I may have removed it from extensions by accident?

                 

                Here is the pull log for Update Master Repository over night:

                 

                12/17/12 6:59:35 AM INFO Skipping package Current\VIRUSCAN8700\8.7.0\LangPack\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\VIRUSCAN8600\8.5.0\LangPack\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\LMASECORE2000\2.2.0.9309\SpamEngine\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\PATCHTMP1000\626\Templates\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\PATCHTMP2000\401\Templates\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\DBSECDVMMETA\78.871\DVMCHECKS\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\MASECORE2000\2.2.0.9309\SpamEngine\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\SUPPMVTCT1000\1.0.9.213\MVTContentUpdate\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\ENCPTCNT6000\8.0.0.4671\DAT\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\AMCORDAT1000\1240.1\DAT\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\AUENGINEMETA\1094\BMContent\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:35 AM INFO Skipping package Current\Findings\1069\FNDContent\\0000, no managed product installed

                McAfeeHttp 12/17/12 6:59:36 AM INFO Downloading package Current\VSCANDAT1000\6928.0000\DAT\0000

                McAfeeHttp 12/17/12 7:09:53 AM INFO Checking in package Current\VSCANDAT1000\6928.0000\DAT\0000

                McAfeeHttp 12/17/12 7:09:59 AM INFO Package Current\VSCANDAT1000\6928.0000\DAT\0000 checked in

                • 6. Re: Host Intrusion Prevention Content failing to update
                  norbertg

                  It's not checked into extensions. We don't use HIPC or at least can't see a need for it. What is the best way to remove HIPC from the dashboard?

                  • 7. Re: Host Intrusion Prevention Content failing to update
                    nd_4_spd

                    Since you are not managing HIPS you can delete the Host Intrustion Prevention Content from your Master Repository. Once this is done it will no longer display in your McAfee Labs Threat Advisory as out of date.

                    • 8. Re: Host Intrusion Prevention Content failing to update
                      norbertg

                      Would you recommend I re-enable HIPS?

                      • 9. Re: Host Intrusion Prevention Content failing to update
                        norbertg

                        I've re-checked in the extension and ran a dat update and it now works.

                         

                        We will revist whether we need HIPS or not in the new year with our IT consultant.