petey_pablo
Level 7

HIPS adaptive mode creates client rules even though there's explicit allow rule

Hello All,

I am new in the community here. I wanted to share something I have found out through the use of adaptive mode with HIPS v.8, which I have no explanation for, and maybe get some ideas from the members here about what could be the cause.

OK, the case is that through the adaptive mode, I have found out there are client rules created for outgoing TCP 80, 443. What is strange is that I have an explicit firewall rule that allows this traffic. The number of these created rules is very low as compared to the total amount of rules, but they are still present and I cannot explain what caused the application to create the rule. I am using trusted networks, but for the rules that allow this traffic they are not used, so it should allow it for any location, trusted or not. Any ideas?

Regards

0 Kudos
1 Reply
pierce
Level 13

Re: HIPS adaptive mode creates client rules even though there's explicit allow rule

Hey, only a possible answer... I had issues rolling out my new HIPS policy, as if you put someone from the old policy into adaptive on your new policy, it will generate rules that are not on the old policy, rather than rules that are not on your new policy.

If that makes any sense at all...

My solution was to apply the 'enforced' new policy with 'delete client rules' set and then move them to adaptive after 5 minutes or so.

0 Kudos