Not 100% sure what the issue actually is.
But when creating your own policy you need to make sure that any allow rules for this application/port are above Deny rules.
Rules are read top to bottom, and the first rule that matches is the rule applied.
I don't have any deny rule in my policy.
Ok but do you have an allow rule?
If the traffic cannot be matched against an existing rule, it is automatically blocked "unless the firewall is operating in learn mode or adaptive mode".
I have an allow rule, that's why in learning mode I don't get any pop-up request (if I allow or not).
In learning mode the HIPS recognizes that there is an existing rule, but in "On mode" the HIPS doesn't recognize it.
Ok, it might be worth uploading a screenshot of your rule, because this sounds like it should just work.
I have never had a problem like this because as long as a rule exists that matches the criteria you will get the correct results.
When you create your rule, make sure the protocol, direction and ports are set correctly. Sometimes people accidentally click on the radio button for "Match by fingerprint" and put in no fingerprint and this will cause the rule to not work.
Try to pay attention to this section. You can use path then fingerprint or path only.
Take a screenshot of the allow rule, and another screenshot of all your firewall rules. Then we can help you better.
Hi, yes a screenie could give more insight. However, when it works in learn mode then there should be a rule created from the local client which makes it work. When reporting the learned rule in ePO it could be added to an existing ruleset and modified/renamed.
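
The rule-matching behaviour discussed in this thread (first match wins, unmatched traffic is blocked outside learn/adaptive mode, a "Match by fingerprint" rule with no fingerprint never matches), as an added example that is not part of the original thread and not the product's own code. It is a simplified Python model; the `Rule` fields, the `evaluate` function and the sample connection are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                      # hypothetical model of one firewall rule
    name: str
    action: str                  # "allow" or "deny"
    protocol: str                # "tcp" or "udp"
    direction: str               # "in" or "out"
    port: int
    path: Optional[str] = None   # None = any application
    match_by: str = "path"       # "path" or "fingerprint"
    fingerprint: str = ""

    def matches(self, conn: dict) -> bool:
        if (self.protocol, self.direction, self.port) != (
                conn["protocol"], conn["direction"], conn["port"]):
            return False
        if self.match_by == "fingerprint":
            # An empty fingerprint cannot equal any real executable's
            # fingerprint, so such a rule never matches.
            return bool(self.fingerprint) and self.fingerprint == conn["fingerprint"]
        return self.path is None or self.path == conn["path"]

def evaluate(rules, conn, mode="on"):
    """Return (verdict, rule name); rules are read top to bottom."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action, rule.name      # first match wins
    if mode in ("learn", "adaptive"):
        return "not-blocked", None             # left to prompt / learned rule
    return "deny", None                        # unmatched traffic is blocked

# Constructed sample connection and rules (not taken from the thread).
CONN = {"protocol": "tcp", "direction": "out", "port": 443,
        "path": r"C:\app\client.exe", "fingerprint": "constructed-fp-01"}
ALLOW = Rule("allow-client", "allow", "tcp", "out", 443, path=r"C:\app\client.exe")
DENY = Rule("deny-443", "deny", "tcp", "out", 443)
BROKEN = Rule("allow-by-empty-fp", "allow", "tcp", "out", 443,
              path=r"C:\app\client.exe", match_by="fingerprint")

if __name__ == "__main__":
    print(evaluate([ALLOW, DENY], CONN))         # allow rule above deny rule
    print(evaluate([DENY, ALLOW], CONN))         # deny rule shadows the allow
    print(evaluate([BROKEN], CONN, mode="on"))   # rule exists but never matches
    print(evaluate([BROKEN], CONN, mode="learn"))
```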