cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Jdtjordan1983
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 1 of 7
‎12-06-2019 04:55 AM

HIPS blocking application connectsetup.exe installation

I am attempting to install an adobe application, I cannot install Adobe application due to HIPS blocking it. I've created a Firewall Rule

Action: Allow

Direction: Either

Media: All types

Protocol: TCP/IPv4 and 6

Local Networks: All vlans on our network

Remote Service: 80, 443

Applications: ConnectSetup.exe

When I apply the policy to a test device, I see that it is being blocked from installation within the HIPS logs:

Event: Traffic
IP Address/User: 23.46.61.118
Description: Connect App web Setup (ConnectSetup.exe)
Path: C:\Users\\Downloads\ConnectSetup.exe
Message: Blocked Outgoing TCP - Source  : (51807) Destination 23.46.61.118 : https (443)
Matched Rule: 443_OUT_BLOCK

 

 

0 Kudos
Reply
6 Replies
Highlighted
AdithyanT
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 2 of 7
‎12-06-2019 06:19 AM

Re: HIPS blocking application connectsetup.exe installation

Hi @Jdtjordan1983,

Thank you for your post. Looks like the Rule: 443_OUT_BLOCK is placed higher than the allow rule you have created. I would request you to look into the policy in place to confirm the same. Please keep us posted!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
AdithyanT
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 3 of 7
‎12-06-2019 06:22 AM

Re: HIPS blocking application connectsetup.exe installation

Hi @Jdtjordan1983,

This suggestion is due to the fact that we process our Firewall Rules from Top to bottom, So if you prefer allowing any application because of it being blocked by one of your rules, you need to place the allow rule on top of the block rule for it to take effect. I sincerely hope this helps! 🙂

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
Jdtjordan1983
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 4 of 7
‎12-06-2019 06:28 AM

Re: HIPS blocking application connectsetup.exe installation

Good morning @AdithyanT,

I've placed the firewall rule I created right above the 443_Out_Block rule, still unable to install the application. 

0 Kudos
Reply
AdithyanT
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 5 of 7
‎12-06-2019 06:44 AM

Re: HIPS blocking application connectsetup.exe installation

Hi @Jdtjordan1983,

Thank you for your response. This would mean that the allow rule criteria is not being met by the traffic generated by the application.

The Best logic to be followed here is to relax the rule from being specific to generic on each category. I would start with this part: Local Networks: All vlans on our network

Have you tried the below KBA:

How to troubleshoot a network-facing application or traffic that the Host Intrusion Prevention firewall is blocking: https://kc.mcafee.com/corporate/index?page=content&id=KB67055

Also Adaptive mode might come in handy to learn the rule  that is required here. Please let me know if this is of any help to you, otherwise, logging a support case would be the best way to go here.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
ktankink
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 6 of 7
‎12-06-2019 08:00 AM

Re: HIPS blocking application connectsetup.exe installation

@Jdtjordan1983  Can you please verify how you defined the ConnectSetup.exe inside the FW rule?  A common misconfiguration is defining the incorrect FILE DESCRIPTION value (if used).

KB71735 - Purpose of the executable File Description field in Endpoint Security Firewall and Host Intrusion Prevention

Reply
ZGreen
ZGreen
Level 9
Report Inappropriate Content
Message 7 of 7
a week ago

Re: HIPS blocking application connectsetup.exe installation

Check and see when the last time that system successfully pulled an updated from the ePO. The exception may be correct but HIPs may not be functioning properly.

Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC