I'm currently deploying patch 2 for HIPS 8 via my ePO server (4.5P5) and it seems to be very slow and only a handful of clients are updating on a daily basis. I have a master ePO server and about 6 Agent Handlers and in general everything is fine, if I deploy a VirusScan patch it rolls out relatively quickly.
Is this a known thing that HIPS patches take longer to deploy?
I can see the deployment task come down via the McAfee Agent GUI and it seems to just keep re-scheduling for a while before eventually running.
How is your client task setup? Run Immediately? In the past I've seen HIPS patches not fire off immediately, but it usually has something to do with how the client task / McAfee Agent policy is tailored.
It's set to run immediately and also to run at every task/policy enforcement. It's just strange that some go down immediately and install, others take days and they have identical policies. There's not even any consistency to it such as only clients being managed from one Agent Handler, totally random.
Client tasks can be funny. Have you tried dropping all the systems into a subdirectory with a client task specifically assigned to that group? Sometimes moving systems around will fire off the task properly.
Is the task being assigned to the end points? If not then why.
If the task is assigned, is it invoking? If not then why.
Is it invoking and failing to complete? If so then why.
Logs, logs, logs...
Yes, Yes and Yes/No, sometimes it just continually re-schedules. They all get it eventually but it is very sloooooooooooowwwwwww!
Ah logs, if only it were that simple!
Some of us manage standalone systems where collecting and exporting logs would a massive security and/or corporate headache!
Yes, we generally have that option enabled as an extra security measure should a user find a way to uninstall a McAfee product.
So I guess that could be it all dependent on timing etc.