Showing results for 
Search instead for 
Did you mean: 
Level 9

How to set exception for blocked traffic

Hey Guys,

HIPS 7 Patch 9

I've been trying to create an exception in the firewall rules and can't work out what I'm getting wrong.

Blocked message is the following:    Blocked Incoming UDP -  Source :  (11000)  Destination :  (45002) (Catch-all - block unspecified inbound traffic)

So I at least need the rule to allow    "Inbound UDP traffic",  I know the application .exe thats sending the trafgfic so I can enter that.  Which numbers above relate to Remote Address? Local Service? Remote Service? I have a feeling I'm getting them wrong.

Although - I did just try having the following and it still got blocked:

- Allow UDP inbound traffic

-  Entered Application .exe being blocked.

- Remote Address ANY

- Local Service ANY

- Remote Service ANY  how would this still get blocked?


0 Kudos
1 Reply
McAfee Employee

Re: How to set exception for blocked traffic

If you posted the entire blocked traffic firewall event, then you cannot apply an exectuable to the firewall rule.  The exectuable would need to be left blank.  In the HIPS Activity Log, check the Application column and see if an exectuable is listed, or export the Activity log to the McAfeeFireLog.txt and see if the event contains an exectuable DESCRIPTION/PATH.  If not, then an exectuable cannot be applied to the firewall rule.

For this inbound traffic event:

  • Source is the Remote address/port.
  • Destination is the Local address/port.

For outbound traffic, this would be reversed.

  • Source is the Local address/port.
  • Destination is the Remote address/port.
0 Kudos