1 Reply Latest reply on Jun 30, 2014 9:53 AM by fuzziest

    Host IPS 8.0 Blocking Juniper NSM Client - Exception Not Working

    gng4life

      Hello All,

       

      I am working on policies for the HIPS module and I found that the Host IPS 8.0.0.2482 is blocking the Juniper Network and Security Manager (NSM).  The error comes up as the the Java launcher can't be created.  As soon as I disable only the IPS function, it opens instantly.  I put it in adaptive mode and it is still blocked and there are no exceptions that show up.  I put it in Learn mode, there are no prompts about allowing the application.  I attempted to make my own exception and to make it a whitelisted/trusted application but no luck.  I did a search through the signatures and looked for anything related to Java and tried to disable them to find the exact signature but no luck there either.  Of course I searched for an signature related to NSM and nothing came up.  I started looking through all the logs - Windows Event Viewer, agent log, orion log, HIPS 8 reporting, querying for events, etc. and nothing!  There was nothing in any log I could find that showed this being blocked.  The only thing that would work sometimes is if I created a local client exception on the host and it would work about half of the time - go figure??  After a policy enforcement, it would disappear and not be incorporated into the signature exceptions in the policy on the server.  I checked allow client exceptions and still no luck.  I recreated my exceptions again but still no luck.  Please help - any other suggestions?

       

      Server - Win2K8 R2, VM

      McAfee ePO 4.6.7,

       

      Client - Win2K8 R2 and Win7, VM

      HIPS 8.0.0.2482

       

      Thanks!