Create a rule where the listener is "SYSTEM"

I am trying to enable BranchCache in my environment. BranchCache requires the client to be able to receive traffic on port 80 from the local subnet to the [System Process] PID 4.

I tried creating a rule with SYSTEM as the executable name, but that didn't work.

I called in to tech support, who told me there's no way to have a firewall rule that targets SYSTEM and that I would have to open port 80 to all processes if I wanted SYSTEM to be able to respond to traffic on port 80.

Is this true?  Is there really not a way to open System to port 80 without opening port 80 to all processes?

4 Replies
McAfee Employee ktankink

Re: Create a rule where the listener is "SYSTEM"

Review the HIPS Activity log; if you find that the traffic is based on the SYSTEM PID, then System can be defined as the application name.  If the Application column is blank, then you cannot and the FW rule's executable details must be left blank too.

screenshot.jpg

screenshot2.jpg

Re: Create a rule where the listener is "SYSTEM"

The activity log does show SYSTEM in the application column of Activity Log.  I had the rule defined as you show in your screenshot with SYSTEM as the name and filename, but HIPS does not see that as a match and the traffic drops through to block all.

Only when I removed the SYSTEM from the Application rule did the traffic get through correctly.

But you are saying that it should work to list SYSTEM as the filename?

McAfee Employee ktankink

Re: Create a rule where the listener is "SYSTEM"

Works for me.

screenshot (5).jpg

screenshot (4).jpg

Re: Create a rule where the listener is "SYSTEM"

Ah, I see the trouble now.  Sometimes the traffic says "SYSTEM" and sometimes it doesn't.  Looks like it works ok.  Thanks.
