CA HIPS [aka Tiny Firewall] users need to upgrade!

Discussion in 'other firewalls' started by DorisNunez, Apr 20, 2011.

Thread Status:
Not open for further replies.
  1. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    hi there,
    fellow power users of CA HIPS. since you already know that the latest version of tiny firewall 5.6.126 was launched as CA HIPS 1.5.286
    * folder Leaning_mode_tool which has a file Harness.1.5.286.exe

    install this and you have the very updated version of Tiny Firewall and updates to IDS can be downloaded from http://cahipsdownload.ca.com/

    this was a best we got a upto date version of tiny firewall and also updates - essential to keep IDS / IPS up to date
     
    Last edited by a moderator: Apr 21, 2011
  2. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    however now it seems that anything that has HIPSClient - this is an internal component of the CA HIPS - harness has a security hole as can be seen from here http://www.securityfocus.com/bid/46539
    and confirmed from CA here
    https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}

    it would seem the correct way to close this hole it to upgrade to Harness.1.6.450.exe rather than 1.5.286

    now we must begin hunt for this particular version of software.
    i think it could be found in one of the following products that CA released
    CA Total Defence Pro R12
    CA Integrated Threat Management
    CA Gateway Security.
     
    Last edited: Apr 20, 2011
  3. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    since most of the systems that are protected by CA HIPS are still using the old version of Harness i found something that may be best.
    CA HIPS Managed Client Install this has been patched to the latest version and this seems to be the latest incarnation of Tiny Firewall / CA HIPS Harness

    can someone please confirm this ? the latest version of ca hips is critical fix 3

    i could download CA_HIPS_r8.1_CF3_3.exe from ftp://ftp.ca.com/CAproducts/unicenter/CAHIPS/nt/0809/RO26950/RO26950.CAZ

    .caz file like zip files which can be extracted by Cazipxp.exe - this file Cazipxp.exe can be download from CA site for free.
     
  4. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    CA HIPS Managed Client Install
    this is available in both 32 bit and 64 bit version !

    however i have encountered an error as show in the following screen shots !
    CA HIPS Managed Client Install Error.JPG


    please help me resolve this error - so that we ( as a power users who loved tiny and CA HIPS harness ) can enjoy this software like that again.

    WinXP-SP3-2011-04-02-16-18-21.PNG
     
  5. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    61
    Make a fake UmxCC.xml, the installation will go through without problem.

    i.e.

    <?xml version="1.0" encoding="UTF-8"?>
    <parameters>

    <!--Maintenance name="Sample 1 - Create log" option="every" time="Th#0:00-23:59|Fr#0:00-23:59" timeinterval="1440">
    <Action type="setpolicy" path="sandbox" params="disable"/>
    <Action type="runw" path="cmd /c mkdir &quot;%InstallDir%Maintenance&quot;"/>
    <Action type="runw" path="cmd /c dir /-C /Q c:\ &gt; &quot;%InstallDir%Maintenance\dir.log&quot;"/>
    <Action type="setpolicy" path="all" params="enable"/>
    <Action type="eventlog" path="eventlog" params="error"/>
    </Maintenance>

    <Maintenance name="Sample 2 - Set policy On" option="once" assignment="?,?,Unknown,WinXP,Unknown,Unknown,Intranet">
    <Action type="setpolicy" path="all" params="enable"/>
    </Maintenance-->
    </parameters>
     
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,964
    An error with a CA product? You have got to be kidding me ...

    BTW- the way CA treated paid TPF users when they took over the program was pretty brutal.
     
  7. xuesisi

    xuesisi Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    71
    any new version of CA HIPS Harness? link?
    my ver is still 1.5.256
     
  8. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Thank you for these posts Doris!!!

    The old TPF with the old IDS file has too many exploitable holes in it to be useful anymore.
     
  9. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    None of these posts lead to a straight forward upgrade/installation!
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.