Perform the following SQL update to remove IPS exceptions that include tabs.
Before you begin:
- Confirm you have a complete and recent backup of the ePO database.
- Confirm you have recent Host IPS policy exports to serve as a policy backup.
NOTE: Depending on the speed of the SQL server, whether the database is being heavily utilized, and the number of rows being deleted, this script may take a long time to complete.
- Stop all ePO services, including any services on remote Agent Handlers (if you have any):
- Click Start, Run, type services.msc, and click OK.
- Right-click the following ePO services and select Stop:
McAfee ePolicy Orchestrator Server
McAfee ePolicy Orchestrator Event Parser
McAfee ePolicy Orchestrator Application Server
- Open Microsoft SQL Management Studio.
- Connect to the ePO database.
- Click File, New Query.
- Paste the following SQL statement into the query window:
update EPOPolicySettingValues
set SettingValue = replace(SettingValue, CHAR(9), '')
where PolicySettingValuesID in (SELECT PolicySettingValuesID
FROM EPOPolicySettingValues as psv
INNER JOIN EPOPolicySettings as ps
ON psv.policysettingsID = ps.POlicySettingsID
INNER JOIN EPOPolicyTypes as pt
ON pt.typeID = ps.typeID
where pt.FeatureTextID = 'HOSTIPS_8000_IPS'
AND pt.CategoryTextID = 'IPS_Rules'
AND pt.TypeTextID = 'IPS_Rules'
AND psv.SettingName = 'Name'
AND psv.SectionName = 1
AND psv.SettingValue like '%'+CHAR(9)+'%')
- Click Execute.
- Start all ePO and remote Agent Handler services:
- Click Start, Run, type services.msc, and click OK.
- Right-click the following ePO services and select Start:
McAfee ePolicy Orchestrator Server
McAfee ePolicy Orchestrator Event Parser
McAfee ePolicy Orchestrator Application Server
