Reviewing Medium blocks for HIPs, we stumbled upon some clients that just are not receiving policy from the server. From the ePO server POV, all the computers have the same policies applied, there is no break to inheritance and enforcement is on for all. Here are some particulars:
ePO 4.5 MR4
McAfee Agent 4.6
The install appears to complete successfully with no missing items but the policies that are applied when reviewing HIPs product policies are:
| Client UI policy name | [Client Default] |
| DNS blocking policy name | [Client Default] |
| IPS options policy name | [Client Default] |
| IPS protection policy name | [Client Default] |
| IPS rules policy name | [Client Default] |
In ePO, all these policies are applied properly and the systems affected are less than 1% of the total count. The above policies can also be confirmed on the local machine via clientcontrol.exe /exportConfig "filename" 6.
The other components are getting policy properly and during collect and send props it states that HIPs is getting policy enforced. I've attempted to remove and reinstall both the agent and HIPs 8 to no avail.
If anyone has any insight on this it would be appreciated.
I encountered a similar issue here. Make sure you check the repository version against the client version; they should match. Sorry I cannot the latest KB McAfee released in Dec 12. It stated that if you used an older policy from a legacy ePO, you will run into a greater risk of the policy not working. Hence, I had to rewrite the policy from scratch. Besides that issue, did you check that the client services are running in Task Manager? The core services, mfefire.exe, firesvc.exe, and mfevtps.exe, should be running to confirm HIPS installed properly. I hope I was able to direct you in the right direction.