cancel
Showing results for 
Search instead for 
Did you mean: 
kjhurni
Level 9

Stateful table problem/corruption?

We have HIPS 8.0 Patch 1 on Windows 7 Enterprise.

I believe the HIPS is setup as a stateful firewall, so theoretically any outbound port is automatically opened for the return traffic.

We have the Novell Client for Windows 7 installed, which uses non-reserved ports (source port) when talking to the servers (destination port 524)

That goes out okay

But we see (sometimes), that HIPS blocks the return traffic.

Rebooting seems to fix things.

We had a thought that perhaps the stateful table is getting corrupted or not large enough?  We've seen this on say, home NetGear routers and online games where things that open lots of ports, fill up the table or corrupt it and a reboot solves things.

Any way to check the tables or adjust them to use more RAM?

0 Kudos
2 Replies
McAfee Employee

Re: Stateful table problem/corruption?

The return traffic could be for a different connection, or possibly a closed connection.  I would suggest testing with HIPS 8.0 P2 and Hotfix 803520 (which you can get from McAfee Support).  If you continue to have this issue, please contact McAfee Support, as data would need to be gathered to investigate this issue further.

0 Kudos
kjhurni
Level 9

Re: Stateful table problem/corruption?

Thanks, we'll apply the updated software and see what happens.

0 Kudos