cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
theglot
Level 11
Report Inappropriate Content
Message 1 of 2

HIPS Firewall broken Sessions (Firewall dropping connection/session)

Got a fun one.  After the ENS OCT update, SYSCORE caused some strange things.   Now I am seeing the HIPS Firewall have an inbound connection and ID the application, IP/Port local and IP/Port remote, but then see another rule fire for the outbound traffic but without the Application.  A bad thing when you are doing port white-listing via application, port and IP.  On our new server, managed by the same ePO with the same modules and policy,  I see the inbound traffic with application/ip/port as excepted/normal with no outbound traffic (as excepted/normal).   Am I'm on the right track with thinking its a corrupt SYSCORE?

1 Reply
Solidcore
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: HIPS Firewall broken Sessions (Firewall dropping connection/session)

Thanks for raising your question here in the community forum,

The ENS OCT update SYSCORE does not conflict with HIPS SYSCORE,

Suggest you to check the compatibility KB of HIPS with other McAfee products.

https://kc.mcafee.com/corporate/index?page=content&id=KB70778

I suggest you to start troubleshooting from the beginning to isolate suspected component in HIPS blocking the traffic.

https://kc.mcafee.com/corporate/index?page=content&id=KB54960

We know very well HIPS works as implicit block and explicit allow,  The traffic will be allowed when it matches the rule, If the rule is already in place.

Also check in local HIPS console the Firewall rule is enforced.

Put the machine in Adaptive mode (rules are learned automatically) and check if blocked traffic is allowed.

Automatically if the Adaptive mode allows the traffic then you can configure the new adaptive rule to allow the inbound traffic.

Was my reply helpful?

If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community