HIPS IPS signatures exceptions are not working properly
Technical Articles ID:
KB93613
Last Modified: 10/29/2020
Environment
McAfee Host Intrusion Prevention (Host IPS) 8.0
Problem
Some HIPS IPS signatures do not work correctly. For example, Signature 6010 and 6011.
Cause
HIPS IPS signatures do not contain Signer certification information.
As an example, IPS Signature exceptions were created for executables that contain Signer certificate values to negate signature events. But, the signatures continued to trigger incorrectly due to the missing Signer certificate value in the HIPS events. This caused Signature exceptions to not properly negate events as expected at random times.
Solution
This issue is resolved in the Host Intrusion Prevention 8.0.0 Patch 15 Hotfix 9004836 RTS build.
McAfee Enterprise investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
