1 Reply Latest reply on Dec 24, 2014 1:20 PM by awbattelle

    HIPS Firewall Policy won't apply to EPM 2.2 for Macs

    awbattelle

      EPO 4.67

      Endpoint Protection for Mac 2.2.0.1298

      HIPS 8.8.0.2919

      Agent fo0r Mac 4.8.0.1816

      Macs are OSX 10.8.4 to 10.8.5

      We don't have any problem pushing AV policy or Application protection policy to our Macs, but the HIPS Firewall policy does not "take". We can see the policies to apply when we are in the tree under the assigned policies tab (see first screen shot). Then when we select a Mac running EPM 2.2 and go to Actions/Directory Management/View Assigned policies, there is no Firewall heading! It's not there. (See second screen shot)

      The HIPS policies apply perfectly well to the PCs, but for some reason EPO doesn't think the Firewall policy is valid for Macs.

      Extensions you say? No, all the EPM 2.2 extensions and HIPS  extensions are loaded.

      We took some of our production Macs and put them on our dev server and voila, everything works great. We can't find anything different between them.  If anything the dev server has more stuff on it, because it's our main EPO test bed. Tried removing the HIPS extensions and reinstalling them. No change,

      Yes, there is a support ticket. I must have spent 2 hours with domestic gold level support. Then guy was logged into our  EPO and also got into a couple of the Macs to look around. He was stumped. The issue was escalated last Thursday. I even did some more research and sent an update, but have not heard anything back. FYI it's 4-7705881111

      Anyway, I thought I'd throw this out to the community  to see if anyone has experienced anything like this. It's maddening. Here are some screen shots.

       

      Note: We see policies to apply

      See policy to apply.jpg

      But when we go to view effective policy;

      It is gone.jpg

      It is gone! No Firewall policies are listed, or operative.

        • 1. Re: HIPS Firewall Policy won't apply to EPM 2.2 for Macs
          awbattelle

          OK, so the solution was to check the little box in the Agent profile that says "

          BTW, this went all to tier 3 for this seemingly simple answer. No idea why this checkbox was necessary, when all the other product properties did not need this done.

          Well, live and learn I suppose. I love it when I answer my own questions in here. It does look like some other people looked at this, so, perhaps this will be useful to others if anyone else ever has this issue.