I have a Wireshark capture problem with HIP on Windows 7 64-bit.
Outgoing traffic is not present in the capture when HIP is enabled. No filter is defined.
Any idea how to solve this issue?
Sounds basic, but check for blocks. Is the log showing any? Check ePO for blocks on suspicious file types. I've seen .pcap files trigger this.
I heard back from tier 3. This is actually a known bug. There seems to be a conflict between HIPS (firewall) and Wireshark. The FW does not block any packets, it just prevents them from being displayed. The full response is below:
In a nutshell, for workarounds you can either disable the HIPS firewall module when sniffing traffic with Wireshark, or just use RawCap to sniff traffic and then view it in Wireshark.