HIPS IPS signatures exceptions are not working properly

Technical Articles ID: KB93613
Last Modified: 10/29/2020

Environment

McAfee Host Intrusion Prevention (Host IPS) 8.0

Problem

Some HIPS IPS signatures do not work correctly. For example, Signature 6010 and 6011.

Cause

HIPS IPS signatures do not contain Signer certification information.

As an example, IPS Signature exceptions were created for executables that contain Signer certificate values to negate signature events. But, the signatures continued to trigger incorrectly due to the missing Signer certificate value in the HIPS events. This caused Signature exceptions to not properly negate events as expected at random times.

Solution

This issue is resolved in the Host Intrusion Prevention 8.0.0 Patch 15 Hotfix 9004836 RTS build.

We investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.

See KB51560 - On-premises product release cycle for more information.

Affected Products

Host Intrusion Prevention 8.0 (EOL)

Knowledge Center

HIPS IPS signatures exceptions are not working properly

Environment

Problem

Cause

Solution

Affected Products

Title

Title

Knowledge Center

HIPS IPS signatures exceptions are not working properly

Environment

Problem

Cause

Solution

Affected Products

Choose your region

Title

Title