cancel
Showing results for 
Search instead for 
Did you mean: 

application being blocked?

I think this error is stopping an application from working correctly. How would I go about allowing it?

Time: 8/2/2010 9:42:20 AM

Event: Traffic

IP Address/User: 0.0.0.0

Message: Blocked Incoming Non-IP Protocol : 0x26

7 Replies
McAfee Employee

Re: application being blocked?

KB66899 - Enable the Allow Traffic for Unsupported Protocols option to configure the NDIS drivers to pass unsupported protocol traffic instead of blocking it

0 Kudos
techchick69
Level 7

Re: application being blocked?

Hi Kary,

I'm having the same issue except my HIPS 8.0 FW is stating "Blocked Incoming Non-IP Protocol 0x6002" and I have the option to Allow traffic for unsupported protocols checked for both HIPS 7.0 and 8.0 policies, even though my clients are primarily inheriting 8.0 policies.  If these two options are enabled, meaning pass the unsupported ip protocol traffic through (allow), how come my Activity Log is still being inundated with these messages?  Any suggestions as to what more I can do to clear these up?

I'd greatly appreciate it.

0 Kudos
McAfee Employee

Re: application being blocked?

With HIPS 8.0, you can create a firewall rule for this specific Ethertype number.  Try that.

ePolicy Orchestrator 4.6.6 (Build_ 176)_2013-05-31_16-43-36.jpg

0 Kudos
techchick69
Level 7

Re: application being blocked?

Hi Kary,

Much appreciation for your reply back regarding 0x6002 being blocked via my HIPS 8.0 FW policy.

So here's the thing, I went ahead and created the FW rule as you suggested, pushed it to the endpoints via wake up call's, and the FW policy within the endpoint HIPS UI shows that the new rule has been added, yet the Activity Log continues to show that it is being blocked.

allow6002.JPG

blocked 6002.JPG

Any ideas of what I could do to get this to not be blocked?

Thanks so much for your help, Kary!

0 Kudos
McAfee Employee

Re: application being blocked?

What rule is blocking the traffic?  You'll see it in the second screenshot (more toward the right columns), but it's cutoff in your screenshot.

0 Kudos
techchick69
Level 7

Re: application being blocked?

I'm sorry for cutting that off...the Block All Traffic is the rule that is blocking it.  But, that is an in-place inherited rule that, if I understand correctly, I cannot modify...

0 Kudos
McAfee Employee

Re: application being blocked?

Correct.   For a test, make sure this rule is at the top of the Firewall Rule policy, and not in a LAG (Location Aware Group).

I would suggest opening a Service Request to have Support look at this.  Your rule should be allowing this. Enable HIPS debug logging, and provide a MER to the support tech.

KB72869 - How to enable Host Intrusion Prevention 7.0/8.0 debug logging

https://kc.mcafee.com/corporate/index?page=content&id=KB72869

0 Kudos