cancel
Showing results for 
Search instead for 
Did you mean: 
ssingh
Level 7

HID Firewall Blocked all kind of Network traffic on Deskotp

Hello All,

I have deployed the HIPS (Firewall) 8.0 Patch 2 on one of desktops, after installing it on machine, I am not able to do RDP, or other network activity on that machine.

Any help on it ?

Regards,

0 Kudos
4 Replies

Re: HID Firewall Blocked all kind of Network traffic on Deskotp

Hello ssingh,

This may be a stupid question, but are your firewall rules set up to allow RDP and the other network activity on that machine? 

In the HIPS console, you will see what rules exist - there will be default rules for communication with an EPO server if you deployed from EPO, and you should see a "block all traffic" rule.  Te HIPS firewall operates in a "deny by default" mode, so if you do not have a rule that explicitly allows RDP (either the application or the TCP/UDP ports associated with the protocol), it will be blocked by the implicit "block all traffic" rule.

You can look at the log tab in the HIPS console to see what rule is causing the RDP traffic to be blocked.

0 Kudos
jarbassaidai
Level 7

Re: HID Firewall Blocked all kind of Network traffic on Deskotp

I have the same problem with and rdp rule that looks like it meets all the critiera for the logged failure message

Why doesn't the rule work ?

here is the blocked message

**********************

Time: 6/6/2014 6:47:30 PM

Event:     Traffic

IP Address/User: 192.168.0.5

Description:    SYSTEM

Path: SYSTEM

Message:   Blocked Incoming TCP -  Source 192.168.0.5 :  (40231)  Destination 192.168.0.28 : rdp (3389)

Matched Rule:   Block All Traffic

*******************************

here is the rule that didn't match  but I don't see why

failed.rdp.rule.png

0 Kudos
greatscott
Level 12

Re: HID Firewall Blocked all kind of Network traffic on Deskotp

Remove the application path from your RDP rule, then test it again. It looks like you have it specified as svchost.exe, where the block is saying it's System.

0 Kudos
jarbassaidai
Level 7

Re: HID Firewall Blocked all kind of Network traffic on Deskotp

That worked to remove the svchost.exe from the rule  Thanks !!!!

0 Kudos