4 Replies Latest reply on Sep 4, 2015 12:22 PM by dmease729

    Unable to install Host IPS 8.0 from read only media

    dmease729

      Hi,

       

      We are currently trying to incorporate the Host IPS client package into our gold build process.  As part of the current process, tools and packages are installed from read-only media.  This does not appear to be possible for Host IPS 8.0.  The below summarises what we have done, and the outstanding questions we have.

       

      Installing the Windows client locally

      - As per the Product Guide "Installing the Windows Client" locally section, we are attempting to install via the exe as described.  I want to call out the following:
      - Step 1: Copy the client installation package file to the computer
      - Step 2: Run the installation program (McAfeeHip_ClientSetup.exe) in the package
      - Step 3: Follow the on screen instructions to complete the installation

       

      The first issue that we have is that we are trying to install from the ISO.  On each of the virtual servers, I open the ISO as a CD/DVD, and attempt to run the install exe as administrator.  Nothing happens.  If I copy the package files to the local hard drive and run, then this works fine.  The installer appears as a running process, and carries out the install silently.  The FireSvc and HipMgmt processes appear, and the install completes.  The McAfee Agent Monitor then shows that policies are being enforced for HOSTIPS_8000.

      Now I appreciate that Step 1 above advises that the installation package should be copied to the computer, however I was wondering if I could seek clarification on the below:

       

      Q1) Although KB52586 advises that the Host IPS 8.0 installer is hard coded, I note that the package still contains setup.ini files.  Are these actually used?  I can certainly run some tests, but if I did add INSTALLDIR, is it possible to advise now if this would work?  Would it be supported?  UPDATE: After carrying out a quick test, it doesn't appear to work.
      Q2) What is actually hard-coded in the Host IPS 8.0 installer?  Is this hard coding the reason that we cannot run the installer from a RO source, such as the ISO?
      Q3) Are we essentially stuck with having to copy the package to the computer first?  Are there any plans to change this, or would we need to follow the PER process to request this?

      Q4) What does the exe actually do, under the hood?

       

      Thanks in advance,

       

      Darren

       


      Notes on ISO creation and server setup:

      - Extracted contents of HIP80LMLRP4.zip
      - Right clicked on Folder and created a non-bootable ISO file (using trial copy of PowerISO)
      - Created 3 vanilla Windows servers (2008R2, 2012 and 2012R2)
      - Each of the servers has McAfee Agent 4.8.0.1500 (4.8 P2 RTW) installed

        • 1. Re: Unable to install Host IPS 8.0 from read only media
          Kary Tankink

          We are currently trying to incorporate the Host IPS client package into our gold build process.

          This would be better accomplished using: 

          KB58425 - How to deploy the Host Intrusion Prevention agent using a disk image

           

           

          Installing the Windows client locally

          - As per the Product Guide "Installing the Windows Client" locally section, we are attempting to install via the exe as described.  I want to call out the following:
          - Step 1: Copy the client installation package file to the computer
          - Step 2: Run the installation program (McAfeeHip_ClientSetup.exe) in the package
          - Step 3: Follow the on screen instructions to complete the installation

           

          There shouldn't be any on-screen instructions (regardless of this being stated in the Install Guide; you may see a very short blip of command line window while HIPS drivers are being installed though).  HIPS installs silently and without user interaction when using the McAfeeHip_ClientSetup.exe.  Monitor Task Manager to verify when the McAfeeHip_ClientSetup.exe process exits, then verify successful or failed installation in its install log file (C:\Windows\Temp\McAfeeLogs\McAfeeHip8_Install_8.0.0.####.log).

           

           

          The first issue that we have is that we are trying to install from the ISO.  On each of the virtual servers, I open the ISO as a CD/DVD, and attempt to run the install exe as administrator.  Nothing happens.  If I copy the package files to the local hard drive and run, then this works fine.

          Per the HIPS 8 Installation Guide (PD22891), the HIPS installer package should be locally on the system (e.g., not running from removable media or network drives).

           

           

          I was wondering if I could seek clarification on the below:

           

          Q1) Although KB52586 advises that the Host IPS 8.0 installer is hard coded, I note that the package still contains setup.ini files.  Are these actually used?  I can certainly run some tests, but if I did add INSTALLDIR, is it possible to advise now if this would work?  Would it be supported?  UPDATE: After carrying out a quick test, it doesn't appear to work.

          I'm not sure exactly if they are used, but you cannot modify the .INI files to change the MSI installation (like you could with HIPS 7.0).  Modifying the installer in any way is not supported.

           

           

          Q2) What is actually hard-coded in the Host IPS 8.0 installer?  Is this hard coding the reason that we cannot run the installer from a RO source, such as the ISO?

          See above.  The installer must be on the local client.

           

          Q3) Are we essentially stuck with having to copy the package to the computer first?  Are there any plans to change this, or would we need to follow the PER process to request this?

          Yes or pre-install HIPS and pre-configure policies per KB58425.  Please submit a PER if you would like to request additional functionality.

           

          Q4) What does the exe actually do, under the hood?

          The installer runs a few different things (Windows hotfix; Visual C++ Redistributable software requirements, etc.).  The exact process is not documented.  Using the .MSI file does not perform all these actions (therefore unsupported), and the HIPS product will (may) not function properly.
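
The workaround discussed above (copy the package to local disk, run McAfeeHip_ClientSetup.exe, then check the install log and the FireSvc/HipMgmt processes) can be scripted as a build step. This is an added example, not part of the thread or of McAfee's documentation. It assumes an elevated PowerShell 4.0+ session, and the media path `D:\HIP80` and staging path `C:\Staging\HIP80` are hypothetical.

```powershell
# Added example: stage the Host IPS package from read-only media, install it
# from local disk, and verify the result. Run from an elevated session.
param(
    [string]$MediaPath   = 'D:\HIP80',          # hypothetical: folder on the mounted ISO
    [string]$StagingPath = 'C:\Staging\HIP80'   # hypothetical: local scratch folder
)
$ErrorActionPreference = 'Stop'
$MediaPath = (Resolve-Path $MediaPath).Path

# 1. Copy the whole package to local disk (the installer must run locally).
New-Item -ItemType Directory -Path $StagingPath -Force | Out-Null
Copy-Item -Path (Join-Path $MediaPath '*') -Destination $StagingPath -Recurse -Force

# 2. Confirm every staged file is byte-identical to the copy on the media.
foreach ($src in Get-ChildItem -Path $MediaPath -Recurse -File) {
    $rel = $src.FullName.Substring($MediaPath.Length).TrimStart('\')
    $dst = Join-Path $StagingPath $rel
    $srcHash = (Get-FileHash -Path $src.FullName -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -Path $dst -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Hash mismatch after copy: $rel" }
}

# 3. Run the installer from the local copy. It is silent, so wait for exit.
$start = Get-Date
$setup = Join-Path $StagingPath 'McAfeeHip_ClientSetup.exe'
$proc  = Start-Process -FilePath $setup -Wait -PassThru
"Installer exit code: $($proc.ExitCode)"

# 4. Locate the install log written by this run (log path as given in the thread).
$logPattern = 'C:\Windows\Temp\McAfeeLogs\McAfeeHip8_Install_8.0.0.*.log'
$log = Get-ChildItem -Path $logPattern -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $start } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $log) { throw 'No Host IPS install log was written by this run.' }
"Review install log: $($log.FullName)"

# 5. Check for the two processes the original post saw after a good install.
$missing = 'FireSvc', 'HipMgmt' |
    Where-Object { -not (Get-Process -Name $_ -ErrorAction SilentlyContinue) }
if ($missing) { throw "Not running after install: $($missing -join ', ')" }
'Host IPS processes are running.'
```

The script only locates the log and does not parse it, because the thread does not give the log's success or failure strings; read the log itself to confirm the outcome.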

          • 2. Re: Unable to install Host IPS 8.0 from read only media
            dmease729

            Hi Kary,

             

            It may be better accomplished using KB58425, and indeed I have done this before in previous environments (however was not aware of the FireTDI key for HIPS - this must have been fixed by somebody else, but at least it was my lesson learned today!), however it does not fit in with the build process within this environment, so my requirements remain not met.

             

            Regards the comments on Step 3 - I concur - this is what I have seen when the EXE installs from local disk.   I also run a raft of other checks (recently finding, for example, that hipmgmt fails to start on 2008 and above systems after a reboot - current workaround is to set to automatic with delayed start, and it is meant to be fixed in patch 6, but have not tested this yet).

             

            I am aware of the Installation guide - this was an open question just to confirm that there is definitely, 100%, no way to do what we want to do.  I believe I have the answer :-)  Quick question - you are McAfee/Intel aren't you?  Not being cheeky, I just need a formal vendor response (a case has been raised) - I believe you are, as all of your answers tend to be of high quality and very knowledgeable, but just checking!

             

            Answer to Q1) cheers for confirming

             

            Answer to Q2) not answered the question (although I believe the nature of the question may not be answerable by people other than devs)

             

            Answer to Q3) Aware of (sometimes very painful) PER process - cheers for confirming!

             

            Answer to Q4) Cheers for the info - again, a full answer (although I doubt I will ever receive, and can understand why) may only come from dev

             

            Thanks as always!

             

            Darren

            • 3. Re: Unable to install Host IPS 8.0 from read only media
              Kary Tankink

              Quick question - you are McAfee/Intel aren't you?  Not being cheeky, I just need a formal vendor response (a case has been raised)

              Yes, but for formal answers, open a Service Request (as you already did).