I've been using HIPS (7.0.0, build 1102) for a while and have come across a couple of things I'd like to clear up.
Why does some traffic appear in the log as blocked but there is no specific blocking rule? E.g. I have blocked incoming UDP on the local subnet (which is added as a trusted network) yet there isn't a single blocking rule in my policy?
Why, in this case, doesn't HIPS create an exception if it is in adaptive mode?
If anyone can provide some guidance here it would be much appreciated.
Adaptive mode only learns outbound traffic, not inbound.
In addition, Host Intrusion Prevention 7.0 only learns rules for the following traffic: