I am trying to enable BranchCache in my environment. BranchCache requires the client to be able to receive traffic on port 80 from the local subnet to the [System Process] PID 4.
I tried creating a rule with SYSTEM as the executable name, but that didn't work.
I called in to tech support, who told me there's no way to have a firewall rule that targets SYSTEM and that I would have to open port 80 to all processes if I wanted SYSTEM to be able to respond to traffic on port 80.
Is this true? Is there really not a way to open System to port 80 without opening port 80 to all processes?
Review the HIPS Activity log; if you find that the traffic is based on the SYSTEM PID, then System can be defined as the application name. If the Application column is blank, then you cannot and the FW rule's executable details must be left blank too.
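As an added example (not posted by anyone in this thread), the following PowerShell checks the two facts the answer above hinges on: which process actually owns the port-80 listener on the client, and that the BranchCache service is running. It also reads the built-in Windows Defender Firewall rules for BranchCache to show how that firewall expresses the same rule (program `System`, local subnet scope). It assumes Windows 8/Server 2012 or later (`Get-NetTCPConnection` and the `NetSecurity` cmdlets) and that the BranchCache firewall rule group still carries its default display name, which is matched with a wildcard; whether the HIPS product discussed here matches on the same `System` name is exactly the open question in the thread and is not something this script settles.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the client
# that should answer BranchCache requests on TCP 80.

$port = 80

# 1. Who owns the listener on port 80? BranchCache serves content through HTTP.sys,
#    so the owning process is expected to be PID 4 (the System process).
$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $port; a firewall rule will not help until a listener exists."
} else {
    foreach ($conn in $listeners) {
        $ownerPid = $conn.OwningProcess           # avoid the automatic $PID variable
        $proc     = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
        $name     = if ($proc) { $proc.ProcessName } else { '<unknown>' }
        "{0}:{1} is owned by PID {2} ({3})" -f $conn.LocalAddress, $conn.LocalPort, $ownerPid, $name
        if ($ownerPid -eq 4) {
            "  -> PID 4 is the System process, so the rule must target 'System', not a file on disk."
        }
    }
}

# 2. Is the BranchCache service (service name PeerDistSvc) actually running?
$svc = Get-Service -Name PeerDistSvc -ErrorAction SilentlyContinue
if ($svc) {
    "BranchCache service status: {0} (start type: {1})" -f $svc.Status, $svc.StartType
} else {
    Write-Warning "BranchCache service (PeerDistSvc) is not installed on this host."
}

# 3. How does the built-in Windows Defender Firewall scope the equivalent rule?
#    The default BranchCache rules use 'System' as the program and the local
#    subnet as the remote address; this is a reference point only, it says
#    nothing about how a third-party HIPS product matches on 'System'.
$rules = Get-NetFirewallRule -DisplayGroup 'BranchCache*' -Direction Inbound -ErrorAction SilentlyContinue
if (-not $rules) {
    Write-Warning "No inbound firewall rules found in a 'BranchCache*' display group (group name assumed)."
} else {
    foreach ($rule in $rules) {
        $app  = $rule | Get-NetFirewallApplicationFilter
        $prt  = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Program       = $app.Program          # expected: 'System' for the HTTP rule
            Protocol      = $prt.Protocol
            LocalPort     = $prt.LocalPort
            RemoteAddress = $addr.RemoteAddress   # expected: 'LocalSubnet'
        }
    }
}
```

If step 1 shows the port-80 listener owned by PID 4 but the HIPS rule naming `System` still falls through to the block-all rule, the mismatch is in how the HIPS product matches kernel-owned traffic, not in the BranchCache setup itself; the activity log entries for the dropped packets are the evidence to take back to the vendor, rather than widening the rule to every process.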
The activity log does show SYSTEM in the application column of Activity Log. I had the rule defined as you show in your screenshot with SYSTEM as the name and filename, but HIPS does not see that as a match and the traffic drops through to block all.
Only when I removed the SYSTEM from the Application rule did the traffic get through correctly.
But you are saying that it should work to list SYSTEM as the filename?