I have a Windows XP SP3 Pro machine running HIPS 22.214.171.1248 that is getting the following error on restarts:
Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 14
Time: 4:14:03 PM
The HTTP Filter DLL C:\Program Files\McAfee\Host Intrusion Prevention\eng\isapi\IsapiStub.dll failed to load. The data is the error.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
0000: 02 00 00 00 ....
I did find some McAfee articles that mention this error, but all of the articles referenced HIPS 7.0, not HIPS 8.0. Does anyone have any additional insight into this error? Thanks in advance.
Message was edited by: kink80 on 3/28/13 8:52:19 AM GMT-06:00
IsapiStub.dll is the driver HIPS uses to hook IIS servers (which is supported on server OSes only). Do you have IIS running on a Win XP system?
Yes, IIS is running on a Windows XP system in this case. It has been running on this machine and others like it for a long time now. It is a machine that I do not directly manage, and it controls some nurse call software that failed to send out an automatic page yesterday. That is why the system owner contacted me, as they saw an error regarding HIPS on the machine and think it may be HIPS causing the issue.
1. Uninstall IIS from the Win XP system if it's not being used.
2. Disable the HTTP engine in the HIPS General: Client UI, Troubleshooting policy. This will disable the HTTP engine for IIS and Apache. This might address the error.
HIPS does not support IIS on Windows XP, hence why you're seeing failures with HIPS trying to inject into the IIS space.
Thank you for the responses, Kary. Is this something new with HIPS 8.0? We have been running HIPS on these XP machines with IIS for quite a while now and I don't see any of these events logged prior to upgrading to HIPS 8.0.
Is this something new with HIPS 8.0?
Possibly something with HIPS 8.0 and IIS/Apache/SQL injection, but HIPS 6.x/7.0 did not support those server apps on workstation OSes either.