
unstable application matching on the HIPS Firewall

Anyone else recently started noticing some unstable behaviour on HIPS firewall? (since HIPS Patch 10 or McAfee Exploit Prevention Content 8274)

What we notice is that application matching is sometimes failing even while the application is still listening on the inbound port. We have seen this in the past with slow server responses (TCP timeout) where the connection was already removed from the state table, or the application had already stopped listening to the port. However these are "works as designed".

In these cases (we have multiple) the application is still running and listening on inbound connections however HIPS is seeing the process as the system idle process.


04/12/2018 09:12:06.859 FireCore.cpp[5757] VERBOSE  (7652) getProcessInfo() - Will not attempt to get process info for system idle process.
04/12/2018 09:12:06.859 FireCore.cpp[6169] VERBOSE  (7652) handleNotificationEventLog() - traffic event received:
 Mode = traffic
 Process id = 0
 Source port = xx
 Dest port = xx
 Ip protocol = 17
 Ethernet type = 0x800
 Process path =
 Local ip addr = xx.xx.xx.xx
 Remote ip addr = xx.xx.xx.xx
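
To measure how often traffic is attributed to the idle process, the following added example (not part of the original post) parses traffic-event records in the layout of the excerpt above and returns those logged with process id 0 and an empty process path. The sample log is constructed for the example, and the function names are hypothetical.

```python
import re

# Constructed sample in the excerpt's layout; IPs, ports and agent.exe path are made up.
SAMPLE_LOG = r"""04/12/2018 09:12:06.859 FireCore.cpp[5757] VERBOSE  (7652) getProcessInfo() - Will not attempt to get process info for system idle process.
04/12/2018 09:12:06.859 FireCore.cpp[6169] VERBOSE  (7652) handleNotificationEventLog() - traffic event received:
 Mode = traffic
 Process id = 0
 Source port = 53211
 Dest port = 161
 Ip protocol = 17
 Ethernet type = 0x800
 Process path =
 Local ip addr = 192.0.2.10
 Remote ip addr = 198.51.100.7
04/12/2018 09:12:07.101 FireCore.cpp[6169] VERBOSE  (7652) handleNotificationEventLog() - traffic event received:
 Mode = traffic
 Process id = 4312
 Source port = 443
 Dest port = 49822
 Ip protocol = 6
 Ethernet type = 0x800
 Process path = C:\Program Files\Example\agent.exe
 Local ip addr = 192.0.2.10
 Remote ip addr = 198.51.100.9
"""

HEADER = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) (.*)$")
FIELD = re.compile(r"^\s+(.+?)\s*=\s*(.*)$")

def parse_traffic_events(text):
    """Group each 'traffic event received' header with its indented fields."""
    events, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:  # any timestamped line ends the previous record
            current = None
            if "traffic event received" in header.group(2):
                current = {"time": header.group(1)}
                events.append(current)
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group(1)] = field.group(2).strip()
    return events

def unattributed(events):
    """Events the firewall tied to PID 0 with no process path."""
    return [e for e in events if e.get("Process id") == "0" and not e.get("Process path")]
```

Grouping the returned events by `Dest port` and `time` shows whether the failures cluster on particular listeners or after a particular update window.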


Re: unstable application matching on the HIPS Firewall

Ever since we updated to the latest 8274 content nearly all of our applications that do outbound 80/443 communication have begun failing (even McAfee Agent).  The outbound is established but then the return channel gets blocked by the default Block All rule.  We've been using these rules for years now without an issue and they just started failing after this update.  I thought it was the HIPS P11 at first but it was installed and working without issue for several days.  Seeing your post though made me realize the content file was updated after P11 was installed and after that is when we started seeing this issue.

Re: unstable application matching on the HIPS Firewall

We are seeing the same exact issue.  We even tried going to Endpoint Security Firewall, but the issue persists.  Does this happen at random times for you?  We are able to resolve the issue by rebooting the server, but we cannot reproduce the issue on command.


Has anyone been able to resolve this?

Re: unstable application matching on the HIPS Firewall

I am having the same problem after updating from HIPS 8 Patch 10 to HIPS 8 Patch 11.
