If you posted the entire blocked traffic firewall event, then you cannot apply an exectuable to the firewall rule. The exectuable would need to be left blank. In the HIPS Activity Log, check the Application column and see if an exectuable is listed, or export the Activity log to the McAfeeFireLog.txt and see if the event contains an exectuable DESCRIPTION/PATH. If not, then an exectuable cannot be applied to the firewall rule.
For this inbound traffic event:
- Source is the Remote address/port.
- Destination is the Local address/port.
For outbound traffic, this would be reversed.
- Source is the Local address/port.
- Destination is the Remote address/port.