I keep seeing Blocked Incoming Non-IP Protocol : 0x886d in the Activity Log. I have turned the box checked for unsupported protocols, but this is still showing up and shows up quite frequently. Has anyone figured out how to make this go away?
Did you get application name which is responsible for these traffic? If yes than add into trusted application and it will not come.
If not than add into firewall Non-IP Protocol rule, refer below screen shot :
Let me know if it resolve the issue.
I created that rule already and now I see it show allow over and over again. There is no application being shown. It is just very odd that this is happening.
Try to check the option Allow traffic for unsupported protocols under Firewall Options and see if logs captured in activity log or not.
I already had that checked. I did figure something out, the problem is coming from INTEL Nic's. I have to work with the server team to figure out the rest of the problem. Though I am confused on why having Allow traffic for unsupported protocols checked is still logging this traffic and not just passing the traffic without showing it in the Activity Log.
I have checked more and we don't have such option in HIPS for not to log specific firewall events in activity log.