It is possible to configure the HIPS FW to send events back to ePO but it's on a rule by rule basis. I would never recommend that all rules be configured to send events back to ePO unless you want to see fireworks.
It is not possible to get HIPS Firewall events to ePO.
When you mark a Firewall as "Treat as Intrusion", you're actually triggering a Network IPS Signature 3702 event violation (and if the IPS Option "Automatically block network intruders for X minutes" is enabled, can block the offending IP address). This requires this signature and Network IPS to be enabled. An intrusion event and Firewall activity event (in the HIPS ClientUI Activity log) are similar, but they do not contain all the same information. This also only works for BLOCKED FW rules too; there is no way to log ALLOW events in the Firewall. If you're trying to gather Firewall activity log events (BLOCK and/or ALLOW) to the ePO server, it is not possible in Host IPS 7 or 8.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.