Running into a HIPS firewall issue. Our system administrators need to be able to "C$" or "psexec.exe" into system file shares from time to time and are being blocked by the HIPS Firewall. Looking through the logs, the only issue that I see was "ms-ds" being blocked on port 445. To test it, I created a rule to allow "ms-ds". No luck. I then tried to use learn mode to capture a specific signature I may be missing, but it didn't give me anything useful that I could use. There are a bunch of SVCHOST.exe processes that are being blocked, but I don't know if any of them are relevant. Any ideas, anyone?
What FW rule is blocking the traffic? If it's the BLOCK ALL TRAFFIC rule, then try turning on Firewall Adaptive mode (not IPS signatures) to see if the FW will create rules to allow it. Then you can add those rules to your policy.
KB67055 – How to troubleshoot a network facing application, or traffic is blocked by Host Intrusion Prevention firewall