1 Reply Latest reply on May 2, 2012 5:30 PM by Kary Tankink

    HIPS 8 Firewall or IPS Rule to block traffic

    donny1334

           There seems to be some debate among the users that I know of ePO 4.6 and HIPS 8 of whether you can create a rule or set of rules, or specify somewhere a policy that would block all applications trying to access the internet unless they are on some kind of white list or approved list. Along with this we would like to be notified when a non-approved application tries to access the internet. Does anyone have any insight into this? In the previous versions of HIPS there was an application blocking feature but I am not sure if that is what we are looking for.

        • 1. Re: HIPS 8 Firewall or IPS Rule to block traffic
          Kary Tankink

          a policy that would block all applications trying to access the internet


          This would be done by a Firewall rule policy, not a Host IPS custom signature policy.

           

           

          Along with this we would like to be notified when a non-approved application tries to access the internet.

          Typically a firewall rule would be configured to allow approved application network traffic, instead of using a firewall rule to block all non-approved application traffic. If you're wanting to block specific applications, then that would be done via a BLOCK rule.

           

          In the previous versions of HIPS there was an application blocking feature but I am not sure if that is what we are looking for.

          This was a feature to whitelist applications to run in the environment.  It does not have the ability to define what that application can do after it's allowed to run.