pwctw
Level 7

What's different between "Trusted Applications" and "Firewall Rules" in HIP


Hi all,

If I want to make VNC (Remote access application) pass through HIP, which policy do I have to configure?

"Trusted Applications"? or "Firewall Rules"?

Actually, it works when I only add a firewall rule in "Firewall Rules", and it doesn't work when I only add VNC application in "Trusted Applications",

but I'm still wondering what's different between "Trusted Applications" and "Firewall Rules" in HIP?

Thanks

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: What's different between "Trusted Applications" and "Firewall Rules" in HIP

If I want to make VNC (Remote access application) pass through HIP, which policy do I have to configure?

Firewall rules would be your best bet.

Actually, it works when I only add a firewall rule in "Firewall Rules", and it doesn't work when I only add VNC application in "Trusted Applications",

but I'm still wondering what's different between "Trusted Applications" and "Firewall Rules" in HIP?

Trusted Applications work by allowing an application executable to bypass most of HIPS (not all).

  • For Firewall trusts, all OUTGOING IP-based traffic would be allowed for the executable. For all INBOUND-initiated network traffic, you would need to create a firewall rule to allow it.
  • For IPS trusts, most IPS signatures will be bypassed for the trusted application, but not all. For the others, IPS exceptions will be required.

KB71704 - Host Intrusion Prevention Trusted Applications defined

0 Kudos
2 Replies
pwctw
Level 7

Re: What's different between "Trusted Applications" and "Firewall Rules" in HIP


Thanks Kary, very useful and clear information, thank you!

0 Kudos