I am attempting to install an adobe application, I cannot install Adobe application due to HIPS blocking it. I've created a Firewall Rule
Media: All types
Protocol: TCP/IPv4 and 6
Local Networks: All vlans on our network
Remote Service: 80, 443
When I apply the policy to a test device, I see that it is being blocked from installation within the HIPS logs:
IP Address/User: 184.108.40.206
Description: Connect App web Setup (ConnectSetup.exe)
Message: Blocked Outgoing TCP - Source : (51807) Destination 220.127.116.11 : https (443)
Matched Rule: 443_OUT_BLOCK
Thank you for your post. Looks like the Rule: 443_OUT_BLOCK is placed higher than the allow rule you have created. I would request you to look into the policy in place to confirm the same. Please keep us posted!
This suggestion is due to the fact that we process our Firewall Rules from Top to bottom, So if you prefer allowing any application because of it being blocked by one of your rules, you need to place the allow rule on top of the block rule for it to take effect. I sincerely hope this helps! 🙂
Thank you for your response. This would mean that the allow rule criteria is not being met by the traffic generated by the application.
The Best logic to be followed here is to relax the rule from being specific to generic on each category. I would start with this part: Local Networks: All vlans on our network
Have you tried the below KBA:
How to troubleshoot a network-facing application or traffic that the Host Intrusion Prevention firewall is blocking: https://kc.mcafee.com/corporate/index?page=content&id=KB67055
Also Adaptive mode might come in handy to learn the rule that is required here. Please let me know if this is of any help to you, otherwise, logging a support case would be the best way to go here.
Check and see when the last time that system successfully pulled an updated from the ePO. The exception may be correct but HIPs may not be functioning properly.
Thank you for updating us. I am not sure if an ePO upgrade would resolve this issue. I would recommend creating a Service Request so that we can have better investigation via the logs for you to resolve this issue.