I have a system with HIPS 7 installed, and it's blocking traffic for a program which has an Allow rule created in the Firewall rules. At this point, it only seems specific to this one machine, as I've checked it on another, and it's working properly.
The Allow Rule states that TCP traffic inbound/outbound is allowed, but when you look at the Activity Log, the traffic is being blocked.
HIPS 7.0 Patch 2
The blocked program is AEXNSAGENT, which is the Notification Server Agent for Altiris.
It was the same results with trying to create a new rule. We ended up re-installing HIPS, and it seems to be working now. Not sure what happened, but hope it isn't something that's affecting other machines.
A couple fixes in patch for could help or resolve the issue.
Issue: Connection Aware Group matching fails when the incoming traffic destination is localhost. (Reference: 439529)
Resolution: Fixed matching logic of Connection Aware Groups to identify incoming traffic correctly to localhost.
<the fix in this area was seen in a CAG but would occur outside of a CAD as well. It was fixed for all instances. You should run patch 4 in Adaptive mode if you suspect this was the cause. The new rules will now be learned correctly.
Issue: Unrecognized non-IP traffic is not logged. (Reference: 450277) Resolution: Added logging for unrecognizable non-IP traffic. Both recognized and unrecognized non-IP traffic is now logged.