Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1058 Views 3 Replies Latest reply: Mar 6, 2013 4:04 PM by Kary Tankink RSS
kjhurni Apprentice 222 posts since
Aug 1, 2005
Currently Being Moderated

Mar 5, 2013 4:10 PM

How does HIPS update policies from ePO?

Okay I THOUGHT I understood how HIPS got policy changes from the EPO server.

 

I was under the impression that HIPS relied upon the McAfee Agent (MA) similar to how VSE relies upon it.

 

So:

 

1)  Make a policy change in EPO to HIPS/VSE

2)  Either

a)  wait for the agent to server communication interval to kick in (in our case, 240 minutes = 4 hours)

b)  Issue an agent wakeup call and check the box to enforce policies/full properties thingy

c)  Open a CMD prompt and do the cmdagent /p /c /e thingy

d)  Open the MA icon (if it's present) on the taskbar and do a: Update Security

 

However, in our environment it seems that item "d" updates VSE but not HIPS (ie, we right-click on the MA icon and select: Manage Features -> HIPS -> Firewall Policy) and we never see the new policy that was added.

 

Same with "b"

 

Now, is it possible that the MA interface isn't showing updated info and you need to reboot/reload something?  There's no "refresh" on the firewall policy tab on the MA.

 

We have observed the policy does take effect eventually, and I know "c" works (which we were told that "b" actually did "c")

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    1. Mar 5, 2013 4:32 PM (in response to kjhurni)
    Re: How does HIPS update policies from ePO?
    I was under the impression that HIPS relied upon the McAfee Agent (MA) similar to how VSE relies upon it.

    HIPS relies on the McAfee Agent for policy management, since it is an ePO-managed product only (HIPS will not install unless the McAfee Agent (Framework service) is installed).  VSE can be managed by ePO or configured standalone (unlike HIPS).

     

    c)  Open a CMD prompt and do the cmdagent /p /c /e thingy

    Don't run multiple switches.  "cmdagent.exe /p" will perform a Collect and Send Props, and if a new policy is available, it will be enforced automatically.  Just run that switch.

     

    d)  Open the MA icon (if it's present) on the taskbar and do a: Update Security

    "Update Security" runs a McAfee Agent Update task; it does not perform a McAfee Agent ASCI (AGent to Server Communication Interval) to update policies.  If you want to update policies, run "cmdagent.exe /p" or "cmdagent.exe /c".  See KB52707.

     

    However, in our environment it seems that item "d" updates VSE but not HIPS (ie, we right-click on the MA icon and select: Manage Features -> HIPS -> Firewall Policy) and we never see the new policy that was added.

    Make sure the Agent actually getting a new HIPS policy.  Also ensure that the HIPS Client UI is locked/closed.  If the HIPS Client UI is opened/unlock, policy enforcements will not occur, until you close it, and re-enforce policies.

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    3. Mar 6, 2013 4:04 PM (in response to kjhurni)
    Re: How does HIPS update policies from ePO?
    Although I didn't think the /p actually enforced it, that's what the /e was for.

    Correct.  /p will enforce policies, if a new policy is downloaded from the ePO server, but if there is no new policy, then /e can be used to enforce the already existing policy on the system.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points