I am trying to run Windows WMI queries on my network and when I have the HIPS Firewall enabled the queries work most of the time. I turned off the firewall and naturally all my queries work like a charm. I ran a report displaying the status of my client computers' firewall and I saw numbers for various rule counts. I am thinking that some of my computers are blocking my queries due to some rulesets that were not cleared previously. I have even unchecked the "Retain existing client rules when this policy is enforced" when I enable the firewall as well. If I uninstall HIPS from my client computers, does that wipe all the client rules off the computer?
If I uninstall HIPS from my client computers, does that wipe all the client rules off the computer?
Yes. Uninstalling Host IPS removes all rules from the system. If you reinstall it, then it will download the firewall rules from your ePO policies and enforce them again, though (or start learning rules if you put the Firewall in Learn/Adaptive mode).
Thanks, I just moved a group of computers to a test group. I turned the firewall back on in Adaptive mode with the Retain client rules option checked as well. I am running an inventory program on those computers right now and it seems to be stuck on one computer. Any reason why the firewall rules would be hindering WMI queries?
If the WMI queries need to access remote resources, and the required traffic is not being learned via Firewall Learn/Adaptive mode, then you'll need to review the HIPS Activity log to find the blocked network traffic and manually write rules for it.