Hello, I am attempting to communicate with the SCCM server via my client, I've created a rule where I allow the TCP/IPv4 and IPv6 protocol, all of the remote or local networks, local service is all inclusive, the remote service specify only ports 80, 443 and the SCCM executable to communicate between the SCCM server and a client. I've added a snapshot of the HIPS log below:
Event: Traffic IP Address/User: XXX.XXX.XXX.2
Description: Host Process for Microsoft Configuration Manager (CcmExec)
Message: Blocked Outgoing TCP - Source .XX.15 : (62705) Destination .XX.2 : http (80) Matched Rule: DENY ALL (Keep At Bottom!).
After creating this rule, I'm still receiving the blockage from my client to the SCCM server, please assist.
if you defined File Description details of the executable, make sure you have the right value set (ref KB71735), or don't specify a value. This is a common area of rule misconfiguration.
KB71735 - Purpose of the executable File Description field in Endpoint Security Firewall and Host Intrusion Prevention
I've made the adjustments you suggested and no dice, still unable to communicate between server and client on the same LAN. I've attached a screenshot of the adjustment I made to the firewall rule.
The File Descriptions still are not accurate. Please see the example in the previously mentioned KB about what the correct value should be (if you plan on using that criteria).