McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 138

Product guide for use with ePolicy Orchestrator 4.5

Appendix B — Troubleshooting
General issues
How do I isolate a component in Host IPS to find out which one is causing a problem?
NOTE: This process includes steps that might require repeated restarts, logons, or recreating issues. The following steps should be performed on the local client system with the Host IPS console. If you find the cause of the issue but cannot resolve it, forward the logs you obtain to McAfee Support.
Disable all components and test for failure:
1. Disable IPS: Click the IPS Policy tab, and deselect Enable Host IPS and Enable Network IPS.
2. Disable Firewall: Click the Firewall Policy tab, and deselect Enable Firewall.
3. Clear the Blocked Hosts list: Click the Blocked Hosts tab and clear the list by selecting each entry and clicking Remove.
4. Enable Activity logging: Click the Activity Log tab and verify that all traffic logging and filter option checkboxes are selected.
5. Test the system to see if the problem recurs:
   • If the problem persists, continue to Step 6.
   • If the problem stops, skip to Step 1 of the Iterative testing phase.
6. Check the following:
   • Stop the McAfee Host IPS service and retest. If the problem goes away, report the issue as associated directly with the service.
   • Uninstall the Host IPS client from the local system and retest. If the problem goes away, report the issue as associated with installed files and not a specific component.
Iterative Testing phase of each component:
Test Host IPS
1. Click the Activity Log tab and clear the log.
2. Click the IPS Policy tab and select Enable Host IPS.
3. Test the system to determine if the problem recurs:
   • If the problem does not recur, skip to Step 5, Test Network IPS.
   • If the problem recurs:
      1. Deselect Enable Host IPS.
      2. Retest to verify the problem goes away. If the problem is resolved, Host IPS can potentially be associated with the issue.
      3. Save a copy of the Activity log and name it Host IPS Activity Log wProb, for reporting to support.
      4. Select Enable Host IPS and verify that the problem returns.
Test all IPS engines
1. Click Help and select Troubleshooting.
2. Select Error reporting under IPS logging.
3. Select Log security violations.
4. Click Functionality.
5. On the HIPS Engines dialog box, deselect Enable / Disable all engines and click OK.
6. Test the system to determine if the problem recurs.
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
