1 2 Previous Next 10 Replies Latest reply: May 8, 2014 11:03 AM by twilliams61 RSS

    Can not import HIPS IPS Rules into ePO 4.6.6

    Jody Barry

      I am attempting to import HIPS rules from another of my agencies other ePO servers and when  I attempt to import it acts as though it has completed but you can't see the HIPS rules.  The import works for the firewall and general rules but not the IPS rules.  Both servers are using HIPS 8.0, any suggestions on how to accomplish this?

       

      Message was edited by: jbarry on 9/18/13 11:14:53 AM CDT
        • 1. Re: Can not import HIPS IPS Rules into ePO 4.6.6
          Avinash Shedge

          HI Jody Barry,

          Go to policy catalog and select the HIPScategory and click export tab it will take full HIPS policies. It not requiredto export single policies. while Importing the policies it will restore thesame policies. If you still facing the problem then I suggest create oneduplicate policies in same epo server and export and delete the same. Againimport the same check whether all rules are replicated or not If still facingproblem then take backup all and rechecking the extension. 

          If still you facing issue I suggest log the call with McAfeesupport Team.

          • 2. Re: Can not import HIPS IPS Rules into ePO 4.6.6
            Jody Barry

            I am receiving IPS Rules from another one of my HBSS administrators from her server and trying to import them into my server.  All of her rules/policies imported properly EXCEPT the IPS Rules.  She also sent me just the IPS Rules and the didn't import either.  IWhen I do the IMport of her IPS rules it goes through as though it imported but the do not show up in the Policy Catalog.  So really I guess the question is CAN you import someone else's HIPS IPS Rules???

            • 3. Re: Can not import HIPS IPS Rules into ePO 4.6.6
              Kary Tankink

              Jody Barry wrote:

              CAN you import someone else's HIPS IPS Rules???

              Yes, you can.  There might be an invalid rule in the policy that prevents importing it.  Check the ePO Server orion.log for errors when you try to import it.  I would suggest calling into McAfee Support for additional assistance.

              • 4. Re: Can not import HIPS IPS Rules into ePO 4.6.6
                twilliams61

                I am having the exact same issue with importing the HIPS IPS rules into ePO 5.1. Everything else imports correctly (options, protection, etc).  It even appears to import successfully.  Yet the  imported HIPS rules don't display in the Policy Catalog.  Orion.log doesn't show any errors either. 

                 

                It's like its the "case of the vanishing HIPS rules".  I can re-import the same xml over and over, and it never shows there is a duplicate either. 

                • 5. Re: Can not import HIPS IPS Rules into ePO 4.6.6
                  Kary Tankink

                  Check the Orion.log file again for an error similar to this.  Usually I see it due to some invalid rule.

                   

                  Orion log error (no debug logging required):

                  0000-00-00 00:00:00,000 INFO  [http-8443-Processor19]services.PolicyImportExportServiceInternal  - PolicySettingsobject with name XXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXX  :xxxxxxxxx-xxxx-xxx-xxxxxxxxxxxx is not found, nopolicy or policy settings will be saved

                  • 6. Re: Can not import HIPS IPS Rules into ePO 4.6.6
                    timomcd

                    I recently ran into the same problem. After migrating policies from HIPS7 to HIPS8, then exporting them, extra tab characters were added to the XML file for the rule names. When I tried to import those policies on another machine, there were no error messages in ePO or Orion.log, but the policy never imported. I did a Find and Replace to remove all tabs in the XML, and the import was successful. I don't like to manually edit McAfee's XML files, so I've heard you can also duplicate the policy on the original system, then export the new policy without tabs.

                    • 7. Re: Can not import HIPS IPS Rules into ePO 4.6.6
                      lfah2000

                      Are the IPS rules compatible with ePO 5.1.0?

                      When I import the HIPS extensions, I only see:

                      Host Intrusion Prevention 8.0: Firewall

                      Host Intrusion Prevention 8.0: General

                       

                      The policy set Host Intrusion Prevention 8.0: IPS is not available

                       

                      When I try to import HostIPSLicense.zip  it gives this error:

                      Extension HostIPSLicense, version 8.0.0.563 is not compatible with this version of ePolicy Orchestrator

                       

                      I need the IPS rules.

                      • 8. Re: Can not import HIPS IPS Rules into ePO 4.6.6
                        twilliams61

                        Timomcd, your solutiion was spot on, and solved my problem!  Removing the "tab characters" from the XML file allowed them to fully import into ePO 5.1, without any errors.  Well done sir!

                        • 9. Re: Can not import HIPS IPS Rules into ePO 4.6.6
                          Kary Tankink

                          I'd be careful about editing the XML file directly; I wouldn't suggest doing it at all.  If the policy gets corrupted in doing this, rebuilding the policy is normally the only solution.  I would try to edit the policy via the GUI to fix those rules (duplicate or modify to fix) vs. manual edits.

                          1 2 Previous Next