Hello, I am attempting to communicate with the SCCM server via my client, I've created a rule where I allow the TCP/IPv4 and IPv6 protocol, all of the remote or local networks, local service is all inclusive, the remote service specify only ports 80, 443 and the SCCM executable to communicate between the SCCM server and a client. I've added a snapshot of the HIPS log below:
Event: Traffic IP Address/User: XXX.XXX.XXX.2
Description: Host Process for Microsoft Configuration Manager (CcmExec)
Path: C:\WINDOWS\CCM\CcmExec.exe
Message: Blocked Outgoing TCP - Source .XX.15 : (62705) Destination .XX.2 : http (80) Matched Rule: DENY ALL (Keep At Bottom!).
After creating this rule, I'm still receiving the blockage from my client to the SCCM server, please assist.
Hi @Jdtjordan1983 Can you show screenshots of the firewall rule you created? Or if possible, open a Service Request with our Support team and we can further verify the rule is setup correctly.
if you defined File Description details of the executable, make sure you have the right value set (ref KB71735), or don't specify a value. This is a common area of rule misconfiguration.
KB71735 - Purpose of the executable File Description field in Endpoint Security Firewall and Host Intrusion Prevention
Hello ktankink,
as requested, I've attached a screenshot of the rule that was created for SCCM.
Hello ktankink,
I've made the adjustments you suggested and no dice, still unable to communicate between server and client on the same LAN. I've attached a screenshot of the adjustment I made to the firewall rule.
The File Descriptions still are not accurate. Please see the example in the previously mentioned KB about what the correct value should be (if you plan on using that criteria).
Example:
Hello, I've added the file description name and still receive the Blocked Outgoing TCP from the client to the server on the same VLAN.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA