HIPS 7 Patch 9
I've been trying to create an exception in the firewall rules and can't work out what I'm getting wrong.
Blocked message is the following: Blocked Incoming UDP - Source 10.140.23.235 : (11000) Destination 126.96.36.199 : (45002) (Catch-all - block unspecified inbound traffic)
So I at least need the rule to allow "Inbound UDP traffic", I know the application .exe thats sending the trafgfic so I can enter that. Which numbers above relate to Remote Address? Local Service? Remote Service? I have a feeling I'm getting them wrong.
Although - I did just try having the following and it still got blocked:
- Allow UDP inbound traffic
- Entered Application .exe being blocked.
- Remote Address ANY
- Local Service ANY
- Remote Service ANY how would this still get blocked?
If you posted the entire blocked traffic firewall event, then you cannot apply an exectuable to the firewall rule. The exectuable would need to be left blank. In the HIPS Activity Log, check the Application column and see if an exectuable is listed, or export the Activity log to the McAfeeFireLog.txt and see if the event contains an exectuable DESCRIPTION/PATH. If not, then an exectuable cannot be applied to the firewall rule.
For this inbound traffic event:
For outbound traffic, this would be reversed.