The process tp enable this involves installation of the HIPS agent, configuring the agent, verifying that the agent is communicating with the HIPS server.
- Installation of HIPS agent
Download the HIPS agent on the VM using winscp tool.
Uncompress the the file, it should contain the agent installer, agent-cert.ssl an agent certificate file, a pdf explaining the installation process.
Important aspect during installation is specifying the Primary Management Server = abc.com, Alternate Management Server = abc.com, source the agent-cert.ssl from the installation folder.
- Configuring the agent
Enter an alternate DNS entry for local area connection for communicating with the HIPS server as XX.XX.XXX.XX(IP)
Whitelist the HIPS server by making an entry in hosts file @ c:\Windows\Systems32\drivers\etc\hosts
Add entries for ip1 with abc.com && ip2 with abc2.com
- Verifying the HIPS agent communication
Reboot the VM (This is needed for the agent to start communicating to the server)
Connect using Remote Desktop and run this tool from command prompt
c:\Program Files<x86>\Symantec\Critical System Protection\Agent\IPS\bin\sisipsconfig.exe -v
If a connection successful message is returned, then the agent is communicating with the server.
If NOT, port 443 & 2222 needs to be opened in Dashboard using Egress rules as well as on all intermediate firewalls on the network.