Knowledge Center

How to apply Microsoft Windows operating system patches when the Host Intrusion Prevention 8.0 client is enabled in protect mode
Technical Articles ID:   KB54778
Last Modified:  4/6/2017


McAfee Host Intrusion Prevention (Host IPS) 8.0


McAfee recommends that you test new operating system (OS) Service Pack (SP) installations on Host IPS clients in Log mode in a non-production test area to monitor for any security events. After testing, create any appropriate exceptions if required. Alternatively, enable IPS in Adaptive mode, which will create an IPS exception if one is required during the SP install.
  • Apply the appropriate exceptions to your named policy for Host IPS before installing the OS update in your production environment.
  • Apply the exceptions to the Host IPS policy before installing an OS patch or SP while the Host IPS client has IPS enabled and running in Prevent High severity reaction mode.

The syntax for applying the exceptions should be defined as drive:\*\i386\update\update.exe

NOTE: The * wildcard is for the dynamically created parent folder (for example: d:\813959b0c311cb6685d\i386\update\update.exe).

Steps to perform before applying an OS patch or SP to a Host IPS client running in Prevent High severity reaction mode:

  1. Apply the OS patch or SP on a selected test computer in Warning mode to identify any events that may be triggered.
  2. Create appropriate exceptions and re-test to ensure no other signatures are triggered.
  3. Apply exceptions to production Host IPS clients before rolling out patch updates.
For Host IPS 8.0, the new option Startup IPS protection enabled could interfere with the completion of SP updates during system restarts. If you experience this issue, disable this option prior to restarting when you apply updates:
Startup IPS protection enabled — Select this option to apply a hard-coded set of file and registry protection rules until the Host IPS service has started on the client.
See PD22894 - Host Intrusion Prevention 8.0 Product Guide for more details on this feature.


The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.