CA HIPS [aka Tiny Firewall] users need to upgrade!

Discussion in 'other firewalls' started by DorisNunez, Apr 20, 2011.

Thread Status:
Not open for further replies.
  1. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    hi there,
    fellow power users of CA HIPS. since you already know that the latest version of tiny firewall 5.6.126 was launched as CA HIPS 1.5.286
    * folder Leaning_mode_tool which has a file Harness.1.5.286.exe

    install this and you have the very updated version of Tiny Firewall and updates to IDS can be downloaded from http://cahipsdownload.ca.com/

    this was a best we got a upto date version of tiny firewall and also updates - essential to keep IDS / IPS up to date
     
    Last edited by a moderator: Apr 21, 2011
  2. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    however now it seems that anything that has HIPSClient - this is an internal component of the CA HIPS - harness has a security hole as can be seen from here http://www.securityfocus.com/bid/46539
    and confirmed from CA here
    https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53A608DF-BFDB-4AB3-A98F-E4BB6BC7A2F4}

    it would seem the correct way to close this hole it to upgrade to Harness.1.6.450.exe rather than 1.5.286

    now we must begin hunt for this particular version of software.
    i think it could be found in one of the following products that CA released
    CA Total Defence Pro R12
    CA Integrated Threat Management
    CA Gateway Security.
     
    Last edited: Apr 20, 2011
  3. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    since most of the systems that are protected by CA HIPS are still using the old version of Harness i found something that may be best.
    CA HIPS Managed Client Install this has been patched to the latest version and this seems to be the latest incarnation of Tiny Firewall / CA HIPS Harness

    can someone please confirm this ? the latest version of ca hips is critical fix 3

    i could download CA_HIPS_r8.1_CF3_3.exe from ftp://ftp.ca.com/CAproducts/unicenter/CAHIPS/nt/0809/RO26950/RO26950.CAZ

    .caz file like zip files which can be extracted by Cazipxp.exe - this file Cazipxp.exe can be download from CA site for free.
     
  4. DorisNunez

    DorisNunez Registered Member

    Joined:
    Apr 20, 2011
    Posts:
    4
    CA HIPS Managed Client Install
    this is available in both 32 bit and 64 bit version !

    however i have encountered an error as show in the following screen shots !
    CA HIPS Managed Client Install Error.JPG


    please help me resolve this error - so that we ( as a power users who loved tiny and CA HIPS harness ) can enjoy this software like that again.

    WinXP-SP3-2011-04-02-16-18-21.PNG
     
  5. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    46
    Make a fake UmxCC.xml, the installation will go through without problem.

    i.e.

    <?xml version="1.0" encoding="UTF-8"?>
    <parameters>

    <!--Maintenance name="Sample 1 - Create log" option="every" time="Th#0:00-23:59|Fr#0:00-23:59" timeinterval="1440">
    <Action type="setpolicy" path="sandbox" params="disable"/>
    <Action type="runw" path="cmd /c mkdir &quot;%InstallDir%Maintenance&quot;"/>
    <Action type="runw" path="cmd /c dir /-C /Q c:\ &gt; &quot;%InstallDir%Maintenance\dir.log&quot;"/>
    <Action type="setpolicy" path="all" params="enable"/>
    <Action type="eventlog" path="eventlog" params="error"/>
    </Maintenance>

    <Maintenance name="Sample 2 - Set policy On" option="once" assignment="?,?,Unknown,WinXP,Unknown,Unknown,Intranet">
    <Action type="setpolicy" path="all" params="enable"/>
    </Maintenance-->
    </parameters>
     
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    An error with a CA product? You have got to be kidding me ...

    BTW- the way CA treated paid TPF users when they took over the program was pretty brutal.
     
  7. xuesisi

    xuesisi Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    71
    any new version of CA HIPS Harness? link?
    my ver is still 1.5.256
     
  8. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Thank you for these posts Doris!!!

    The old TPF with the old IDS file has too many exploitable holes in it to be useful anymore.
     
  9. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    None of these posts lead to a straight forward upgrade/installation!
     
Loading...
Thread Status:
Not open for further replies.