cancel
Showing results for 
Search instead for 
Did you mean: 
jase4867
Level 7

HIPS 8 - Dynamically Created Rules

We are currently rolling out HIPS 8, and have configured a default firewall ruleset which covers all the standard apps we run across the company. There are a few users, probably around 15 out of 2000, who use Dropbox. We don't consider Dropbox a standard, so it isn't in the ruleset.

Currently, HIPS is running in Learn mode, so the users of Dropbox are constantly seeing firewall alerts with the following info:

Direction: Incoming

Protocol: UDP

Local Port: 17500

Local Address: 255.255.255.255

Remote Address: internal IP

Remote Port: 17500

When these alerts come up, the users click on Allow, but it doesn't generate a dynamic rule. Am I correct in thinking this is expected behavior since it is incoming UDP traffic? If not, why isn't it saving a dynamic rule on the receiver's machine?

If I'm following the flow correctly, it looks like Computer A has a Dropbox client installed, and that client is sending broadcast traffic. When it hits Computer B, which also has a Dropbox client, it throws up the alert on Computer B, and at that point they can either Allow or Deny the traffic.

Not sure if it matters, but we're running ePO 4.6.6, VSE 8.8, and MA 4.6. All clients are running Win7. HIPS 8 is at patch 2 with the latest hotfix.

Thanks for any info you can provide.

0 Kudos