I am new in the community here. I wanted to share something I have found out through the use of adaptive mode with HIPS v.8, which I have no explanation for, and maybe get some ideas from the members here about what could be the cause.
OK, the case is that, through the adaptive mode, I have found out there are client rules created for outgoing TCP 80, 443. What is strange is that I have an explicit firewall rule that allows this traffic. The number of these created rules is very low compared to the total number of rules, but they are still present and I cannot explain what caused the application to create the rule. I am using trusted networks, but for the rules that allow this traffic they are not used, so it should allow it for any location, trusted or not. Any ideas?
Hey, only a possible answer... I had issues rolling out my new HIPS policy, as if you put someone from the old policy into adaptive on your new policy, it will generate rules that are not on the old policy, rather than rules that are not on your new policy.
If that makes any sense at all...
My solution was to apply the 'enforced' new policy with 'delete client rules' set and then move them to adaptive after 5 minutes or so.