Third-party software fails to install with HIP7.0 IPS module

kafan_Seal

Corporate knowledgebase ID: KB60391 Published: Dec 3, 2010
Environment

McAfee Host Intrusion Prevention 8.0
McAfee Host Intrusion Prevention 7.0

For details of all supported operating systems, see KB51109.

Problem

Third-party software installation fails or stops responding when Host Intrusion Prevention is installed.

Cause
A low-level architectural problem related to process injection for short-lived processes exists which is unable to be fully addressed in the current Host Intrusion Prevention 7.0 for Windows client release.
  Host Intrusion Prevention utilizes process injection to monitor API calls for specific processes to provide host intrusion security protection.

Some third-party installation packages that utilize the Windows installer (msiexec.exe) spawn several short-lived instances of the msiexec.exe process. A possible thread lock can occur during process injection for one of these msiexec.exe instances and cause the installation to stop responding or fail.


Solution
This issue is fully resolved with Host Intrusion Prevention 8.0, which is tentatively expected to reach the Released to World (RTW) cycle in mid-December 2010.

NOTE: McAfee Host Intrusion Prevention 8.0 has improved synchronous threading architecture for short-lived process injections.

Workaround

If you encounter this issue with a specific installer package, temporarily exclude the Windows Installer process (msiexec.exe) from the Host IPS Application Protection list during the third-party installation:

NOTE: Host Intrusion Prevention 7.0 Patch 3 (or later) is required to apply this workaround successfully.

• Log on to the ePO 4.0 console.
• Click Systems.
• Select the group or system to be changed and click the Policies tab.
• In the Product drop-down list, select Host Intrusion Prevention 7.0.3:IPS.
• Edit the IPS Rules (All Platforms) category.
• Click the Application Protection Rules tab.
• In the Search field, type Microsoft Installer, and press ENTER.
• Click Edit for this rule.
• In Inclusion status, click Exclude from the Application Protection List, and click OK.
• Click Save.
  

IMPORTANT: To ensure that you are fully protected, re-enable protection for msiexec.exe when the installation is complete.

lamour

抬头看了下时间，才12月4日呢，慢慢等。

大猫熊

太好了！！！！！！！！！等下载！！！