
How to permit UDP port traffic in HIPS 8

Hi Team,

One of my internal applications is blocked by HIPS, but the logs show only blocked incoming UDP on BOOTPS ports 67 and 68. The default rules already allow these ports, but I am still seeing the error below in the logs. Could you please advise how to proceed with this error? Adaptive Mode was enabled, but I still have the issue. The Allow BOOTP rule is attached.

0/09/2014 11:18:12 FireCore.cpp[6131] VERBOSE  (3228) handleNotificationEventLog() - traffic event received:

Mode = traffic

Process id = 0




Source port = 68

Dest port = 67

Ip protocol = 17

Ethernet type = 0x800

Process path =

Local ip addr =

Remote ip addr = 10.xx.xx.xx

Source MAC = 00-9c-02-1a-67-9e-00-00

Dest MAC = ff-ff-ff-ff-ff-ff-00-00

10/09/2014 11:18:12 FireCore.cpp[2627] VERBOSE  (3228) internalHandleNotification() - ignoring non-hip PP notification.

10/09/2014 11:18:12 APPLOG  [1876] VERBOSE  RULE <unknown> BLOCKED PID 0 ETHERNET TYPE 0x800 PROTO 17 67 <-- 10.xx.0.xx.  Block All Traffic

10/09/2014 11:18:12 MAINWRK[813] VERBOSE  << (2416) processQueue

bootp rule.png

Any advice will be welcome.



2 Replies
Reliable Contributor frank_enser

Re: How to permit UDP port traffic in HIPS 8


This rule allows outgoing BOOTP traffic, and the logs show that incoming BOOTP traffic is filtered. I currently don't have a HIPS installation at hand, so I cannot give you exact guidance, but you should be good if you additionally allow incoming BOOTP traffic (switch direction and local/remote service port).
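
Added example (not part of the reply above and not McAfee code): a short Python check that reads a blocked event in the log format shown in the question and tests it against an outgoing BOOTP rule and its mirrored form. The `Rule` model, the meaning of the `<--` arrow (incoming, with the local port before it) and the contents of the attached rule are assumptions; the sample log is constructed from the excerpt.

```python
import re
from dataclasses import dataclass, replace

# Constructed sample in the format of the log excerpt in the question.
SAMPLE_LOG = """\
10/09/2014 11:18:12 FireCore.cpp[6131] VERBOSE  (3228) handleNotificationEventLog() - traffic event received:
Source port = 68
Dest port = 67
Ip protocol = 17
Remote ip addr = 10.xx.xx.xx
10/09/2014 11:18:12 APPLOG  [1876] VERBOSE  RULE <unknown> BLOCKED PID 0 ETHERNET TYPE 0x800 PROTO 17 67 <-- 10.xx.0.xx.  Block All Traffic
"""

FIELD = re.compile(r"^(Source port|Dest port|Ip protocol) = (\d+)\s*$", re.M)
# Assumption: "<--" marks incoming and "-->" outgoing traffic, and the
# number before the arrow is the local port.
BLOCKED = re.compile(
    r"BLOCKED PID \d+ ETHERNET TYPE \S+ PROTO (\d+) (\d+) (<--|-->) (\S+?)\.?\s")

@dataclass(frozen=True)
class Rule:  # hypothetical rule/flow model, not the HIPS policy schema
    direction: str
    protocol: int
    local_port: int
    remote_port: int

def parse_blocked(log):
    """Return (flow, remote_ip) for the blocked packet, seen from the local host."""
    fields = {k: int(v) for k, v in FIELD.findall(log)}
    m = BLOCKED.search(log)
    if not m or len(fields) < 3:
        raise ValueError("no complete blocked traffic event in log")
    proto, local_port, arrow, remote = m.groups()
    incoming = arrow == "<--"
    # For an incoming packet the remote side is the sender (source port).
    remote_port = fields["Source port"] if incoming else fields["Dest port"]
    flow = Rule("in" if incoming else "out", int(proto), int(local_port), remote_port)
    return flow, remote

def mirror(rule):
    """Switch direction and swap local/remote ports, as the reply suggests."""
    return replace(rule, direction="in" if rule.direction == "out" else "out",
                   local_port=rule.remote_port, remote_port=rule.local_port)

if __name__ == "__main__":
    flow, remote = parse_blocked(SAMPLE_LOG)
    outgoing_bootp = Rule("out", 17, 68, 67)  # assumed content of the attached rule
    print("blocked flow:", flow, "from", remote)
    print("existing rule matches:", outgoing_bootp == flow)
    print("mirrored rule matches:", mirror(outgoing_bootp) == flow)
```
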



Re: How to permit UDP port traffic in HIPS 8

Just to throw it out there, if this is an internal application, do you have a CAG (connection aware group) set up? Basically, you can set up a location rule within your table that will allow any/any but ONLY if the specified machine matches defined criteria of either DNS/DHCP/Gateway/etc. server. That makes it a lot easier for internal servers, as you don't need to create specific rules like you are. Just a thought.
