Level 7

How to permit port 1900 UDP traffic in HIPS 8

I am kind of baffled by a HIPS 8 firewall block I am seeing.  The event details are below and in the attached image.

Event: Traffic

IP Address/User:

Application: Host Process for Windows Services (svchost.exe)

Message: Blocked Incoming UDP - : (56006) Destination : (1900)

Matched Rule: Block All Traffic (default implied block rule at bottom of firewall)

I already have the "allow loopback" rule in my firewall (not in any LAG) as described in KB71230.  I am unsure how to create a firewall rule to allow this traffic.  Can anyone help?




2 Replies
McAfee Employee

Re: How to permit port 1900 UDP traffic in HIPS 8

For this traffic, you would need to have:

Allow Inbound



Remote IP:

Source IP = Remote Network, since this is Inbound traffic.  I suspect your Loopback rule allows Local Network (as that's the rule from the HIPS Catalog), which doesn't apply to this blocked traffic.

FYI, the HIPS Catalog rule uses and ::1 only.  I've seen applications use any number of different IPs in the 127.x.x.x range.  You'll need to adjust your Loopback rule according to any blocked network traffic in the 127.x.x.x range, if necessary.

Level 7

Re: How to permit port 1900 UDP traffic in HIPS 8

Hi Kary,

Thanks, this actually seems to work.  I tried this a couple hours ago, and rebooted a few times, and sure enough, I got traffic to pass with a "reversed" loopback rule.

I'm trying to understand why this rule is needed, though.  It seems like the loopback rule from the KB would have sufficed, since the source traffic was still  Wouldn't this have counted as the local network?  Or, is this reversed because the traffic was inbound?

Should the KB be updated to include this caveat?  This seems like it applies to that same situation.

Would HIPS 7 have treated this traffic any differently?  I recall that HIPS 7 had these loopback rules built in by default.



0 Kudos
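The direction mapping described in the first reply (for inbound traffic the source IP is compared against the rule's Remote side) can be sketched as a small first-match rule evaluator. This is an added example, not McAfee code and not the HIPS engine; the rule model is simplified, and every address, rule name and packet below is constructed for illustration because the thread's event shows none.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Packet:
    direction: str            # "in" or "out", from the host's point of view
    src: str
    dst: str

@dataclass
class Rule:
    name: str
    direction: str            # "in", "out" or "either"
    local: list = field(default_factory=list)    # empty list = any address
    remote: list = field(default_factory=list)

def _within(addr, nets):
    ip = ipaddress.ip_address(addr)
    return not nets or any(ip in ipaddress.ip_network(n) for n in nets)

def matches(rule, pkt):
    if rule.direction not in ("either", pkt.direction):
        return False
    # Inbound: the sender is the remote end. Outbound: the sender is local.
    local_ip, remote_ip = (pkt.dst, pkt.src) if pkt.direction == "in" else (pkt.src, pkt.dst)
    return _within(local_ip, rule.local) and _within(remote_ip, rule.remote)

def first_match(rules, pkt):
    for rule in rules:
        if matches(rule, pkt):
            return rule.name
    return "Block All Traffic"   # implied block rule at the bottom

# Constructed rules and packets (hypothetical values, not from the thread).
CATALOG = Rule("loopback (local side)", "either", local=["127.0.0.1", "::1"])
REVERSED = Rule("loopback (remote side)", "in", remote=["127.0.0.1", "::1"])
REVERSED_WIDE = Rule("loopback /8 (remote side)", "in", remote=["127.0.0.0/8", "::1"])

# Assumed shape of the blocked event: loopback source, SSDP multicast destination.
SSDP_IN = Packet("in", src="127.0.0.1", dst="239.255.255.250")
SSDP_IN_ALT = Packet("in", src="127.0.0.53", dst="239.255.255.250")

if __name__ == "__main__":
    for pkt in (SSDP_IN, SSDP_IN_ALT):
        for rules in ([CATALOG], [CATALOG, REVERSED], [CATALOG, REVERSED_WIDE]):
            print(pkt.src, "->", [r.name for r in rules], "=>", first_match(rules, pkt))
```

Under these assumptions, a rule that lists loopback only on the Local side never matches an inbound packet whose loopback address is the source, and a Remote-side rule limited to single addresses misses other senders in the 127.x.x.x range.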