Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
776 Views 1 Reply Latest reply: Feb 1, 2013 10:20 AM by alpha5thgroup RSS
mlmarshall3 Newcomer 1 posts since
Feb 1, 2012
Currently Being Moderated

Jan 31, 2013 9:02 AM

HIPs 8 - Some clients won't enforce policy

Reviewing Medium blocks for HIPs we stumbled upon some clients that just are not receiving policy from the server.  From the ePO server POV, all the computers have the same policies applied, their is no break to inheritance and enforcement is on for all.  Here's some particulars:

 

ePO 4.5 MR4

McAfee Agent 4.6

HIPs 8.0.0.1919

 

The install appears to complete successfully with no missing items but the policies that are applied when reviewing HIPs product policies are:

 

Client UI policy name [Client Default]


DNS blocking policy name [Client Default]




IPS options policy name [Client Default]
IPS protection policy name [Client Default]
IPS rules policy name [Client Default]

 

In ePO, all these policies are applied properly and the systems affected is less that 1% of the total count.  The above policies can also be confirmed on the local machine via clientcontrol.exe /exportConfig "filename" 6.

 

The other components are getting policy properly and during collect and send props it states that HIPs is getting policy enforced.  I've attempted to remove and reinstall both the agent and HIPs 8 to no avail.

 

If anyone has any insight on this it would be appreciated.

  • alpha5thgroup Newcomer 1 posts since
    Feb 24, 2012
    Currently Being Moderated
    1. Feb 1, 2013 10:20 AM (in response to mlmarshall3)
    Re: HIPs 8 - Some clients won't enforce policy

    I encountered similar issue here.  Make sure you check the repository version against the client version, it should match.  Sorry I cannot the latest KB McAfee released in Dec 12.  It stated that if you used an older policy from a legacy ePO.  You will run into a greatest risk of the policy not working.  Hence, I had to rewrite the policy from scratch.  Besides that issue, did you check the client services is running under the Task Manager?  The cores services are mfefire.exe, firesvc.exe, and mfevtps.exe should be running to confirm HIPS installed properly.  I hope I was able to direct you in the right direction.      

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points