I have been testing HIPS 8 Patch 2 on our ePO server (ePO 4.5.6, Server 2008R2 64bit, with SQL server 2008SP1). I am monitoring both the HIPS GUI log (McAfeeFireLog) as well as the HipShield.log. The HipShield.log is filling with:
"Error: 0x7f8,xxx Failure analyzing query. Query will not be blocked. - code 0xe0009001 - UnknownErrorCode"
I initially thought this might be due to an issue with the migrated HIPS 7 IPS rule I was using. So, to eliminate this I isolated the server and applied the "McAfee default" rule. I checked the logs the following day and the errors are still streaming out, I mean reeeeaallly streaming out. This did not occur with HIPS 7 and I would like to determine the reason behind this (or at least see if someone else has seen this) before I proceed deployment of HIPS 8 to other servers.