cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 1 of 9
‎12-06-2019 04:55 AM

HIPS blocking application connectsetup.exe installation

I am attempting to install an adobe application, I cannot install Adobe application due to HIPS blocking it. I've created a Firewall Rule

Action: Allow

Direction: Either

Media: All types

Protocol: TCP/IPv4 and 6

Local Networks: All vlans on our network

Remote Service: 80, 443

Applications: ConnectSetup.exe

When I apply the policy to a test device, I see that it is being blocked from installation within the HIPS logs:

Event: Traffic
IP Address/User: 23.46.61.118
Description: Connect App web Setup (ConnectSetup.exe)
Path: C:\Users\\Downloads\ConnectSetup.exe
Message: Blocked Outgoing TCP - Source  : (51807) Destination 23.46.61.118 : https (443)
Matched Rule: 443_OUT_BLOCK

 

 

0 Kudos
Reply
8 Replies
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9
‎12-06-2019 06:19 AM

Re: HIPS blocking application connectsetup.exe installation

Hi @Jdtjordan1983,

Thank you for your post. Looks like the Rule: 443_OUT_BLOCK is placed higher than the allow rule you have created. I would request you to look into the policy in place to confirm the same. Please keep us posted!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 9
‎12-06-2019 06:22 AM

Re: HIPS blocking application connectsetup.exe installation

Hi @Jdtjordan1983,

This suggestion is due to the fact that we process our Firewall Rules from Top to bottom, So if you prefer allowing any application because of it being blocked by one of your rules, you need to place the allow rule on top of the block rule for it to take effect. I sincerely hope this helps! 🙂

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 4 of 9
‎12-06-2019 06:28 AM

Re: HIPS blocking application connectsetup.exe installation

Good morning @AdithyanT,

I've placed the firewall rule I created right above the 443_Out_Block rule, still unable to install the application. 

0 Kudos
Reply
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 9
‎12-06-2019 06:44 AM

Re: HIPS blocking application connectsetup.exe installation

Hi @Jdtjordan1983,

Thank you for your response. This would mean that the allow rule criteria is not being met by the traffic generated by the application.

The Best logic to be followed here is to relax the rule from being specific to generic on each category. I would start with this part: Local Networks: All vlans on our network

Have you tried the below KBA:

How to troubleshoot a network-facing application or traffic that the Host Intrusion Prevention firewall is blocking: https://kc.mcafee.com/corporate/index?page=content&id=KB67055

Also Adaptive mode might come in handy to learn the rule  that is required here. Please let me know if this is of any help to you, otherwise, logging a support case would be the best way to go here.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9
‎12-06-2019 08:00 AM

Re: HIPS blocking application connectsetup.exe installation

@Jdtjordan1983  Can you please verify how you defined the ConnectSetup.exe inside the FW rule?  A common misconfiguration is defining the incorrect FILE DESCRIPTION value (if used).

KB71735 - Purpose of the executable File Description field in Endpoint Security Firewall and Host Intrusion Prevention

Reply
ZGreen
Level 10
Report Inappropriate Content
Message 7 of 9
‎01-08-2020 03:12 PM

Re: HIPS blocking application connectsetup.exe installation

Check and see when the last time that system successfully pulled an updated from the ePO. The exception may be correct but HIPs may not be functioning properly.

Reply
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 8 of 9
‎03-11-2020 11:26 AM

Re: HIPS blocking application connectsetup.exe installation

I've built a new ePO server we're at version 5.10 now. I'm still experiencing the same issue as previously. 

0 Kudos
Reply
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎03-11-2020 09:48 PM

Re: HIPS blocking application connectsetup.exe installation

Hi @Jdtjordan1983,

Thank you for updating us. I am not sure if an ePO upgrade would resolve this issue. I would recommend creating a Service Request so that we can have better investigation via the logs for you to resolve this issue.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC