dgunner
Level 7

A couple of HIPS event log queries

I've been using HIPS (7.0.0, build 1102) for a while and have come across a couple of things I'd like to clear up.

Why does some traffic appear in the log as blocked but there is no specific blocking rule? E.g. I have blocked incoming UDP on the local subnet (which is added as a trusted network) yet there isn't a single blocking rule in my policy?

Why, in this case, doesn't HIPS create an exception if it is in adaptive mode?

If anyone can provide some guidance here it would be much appreciated.

0 Kudos
1 Reply
bgable
Level 11

Re: A couple of HIPS event log queries

Adaptive mode only learns outbound traffic, not inbound.

In addition, Host Intrusion Prevention 7.0 only learns rules for the following traffic:

  • ICMP
  • TCP
  • UDP
0 Kudos