6 Replies Latest reply: Jun 23, 2014 12:48 PM by Kary Tankink RSS

    Probably a given but...

    zander012

      Hello,

       

      I had a question regarding HIPS 8 on systems running IIS v7. What are the security implications if the ISAPI extensions are removed from the application.config file? Will this effectively remove HIPS 8's ability to filter http requests on a system? It seems like that is what it seems like but I just wanted clarification as I suspect someone may have made this change in our enterprise as a "fix" for a corrupt or missing .dll and am curious as to the impact it. Thank you very much!

        • 1. Re: Probably a given but...
          Ex_Brit

          I think you'll get a quicker answer in the HIP section so have moved it there.

          • 2. Re: Probably a given but...
            greatscott

            I think we had the same issue. We essentially had to disable the HTTP engine within the HIPS Client UI policy because it was disrupting web services on the IIS server. I think the dll was missing and we were unable to filter HTTP correctly.

            • 3. Re: Probably a given but...
              zander012

              Yes, the missing dll was causing application pools to become disabled. Instead of repairing the application, the "fix" essentially removes any capability for HIPS to filter http requests as I understand it. I'm hoping I'll get some validation from this post but it's reassurring to see I am not the only one with an issue like this. Thanks for the reply!

              • 4. Re: Probably a given but...
                Kary Tankink

                Removing the ISAPI extension will affect the HIPS/IIS integration (as you stated), but for troubleshooting, it would be better to disable the HTTP engine in HIPS, rather than remove the extension from IIS.

                • 5. Re: Probably a given but...
                  zander012

                  To clarify, by removing ISAPI extensions, I mean by following the procedure here: https://kc.mcafee.com/corporate/index?page=content&id=KB72677&actp=LIST. I just want to be sure we are referring to the same procedure. I believe there may be some confusion and belief that the ISAPI extensions are legacy and not actually part of HIPS 8 and further. I'd like to clear up this misunderstanding if possible. I can create an additional discussion if that seems like a good idea. Thank you.

                  • 6. Re: Probably a given but...
                    Kary Tankink

                    That KB articles refers to the ISAPI extension not being removed after HIPS 8 is uninstalled.  Manually modifying the file to remove the leftover extension.

                     

                    If HIPS 8 is installed, then you wouldn't follow the KB article.  You would modify the HIPS 8 General: ClientUI policy, and in the Troubleshooting tab, you would disable the HTTP engine.  This prevents HIPS enabling the HTTP engine functionality for IIS and Apache servers (not typically something you should do without contacting McAfee Support first, if there is some issue you're seeing with HIPS & IIS/Apache).