I noticed after installing HIPS 8.0 that in the HIPS Client Console there is a rule listed on the bottom as "Block All Traffic". This rule is on every one of my polices migrated or not migrated, even on newly created rules. Is this rule supposed to be there? I cannot modify this rule at all through the Client Console or the EPO server policy catalog. In fact this rule does not even show up if I look in the Policy settings. Thanks in advance.
Message was edited by: kink80 on 1/6/11 2:04:09 PM GMT-06:00
Yes, this is the same "Block all traffic" rule that was in HIPS 7.0, however it was a hidden rule then. In HIPS 8.0, the rule is now visible and if traffic is blocked by this rule, the rule name will be listed in the Activity log (instead of HIPS 7.0 the rule name would not be listed).
Thanks for the clarification. So all of my rules that are listed above this "Block All Traffic" rule will be evaluated prior to reaching this rule?
Correct. Any manually-created, learned or ePO policy rules will be above this Block All Traffic rule (basically, the rule has just been unhidden; it was always there before).
Thats what I wanted to hear. Thanks again!
I have created Allow Loopback rule But still i'm getting Logs as Block All Traffic on HIPS client. Also i have added Trusted network.
The rule Allow Loopback is above the Block All Traffic rule, so the Allow loopback rule has to evaluated before Block All traffic Rule is it right ???..
But in my case it is not happening, as i'm getting Logs for Block All Traffic.
Need Help on this....
Thanks in advance.
Any rules created in the firewall policy will be evaluated before the traffic is blocked by this inherited BLOCK ALL RULE. Make sure that the traffic being blocked matches your new ALLOW firewall rule though.
If you are still seeing an issue, please open a Service Request with our Support team to have this reviewed further.
Thanks you so much Kary........
Actually the rule was not configured properly...