1 Reply Latest reply on Jul 2, 2012 12:44 PM by Kary Tankink

    How to set exception for blocked traffic

    epoNovice

      Hey Guys,

       

      HIPS 7 Patch 9

      I've been trying to create an exception in the firewall rules and can't work out what I'm getting wrong.

       

      Blocked message is the following:    Blocked Incoming UDP -  Source 10.140.23.235 :  (11000)  Destination 239.1.1.2 :  (45002) (Catch-all - block unspecified inbound traffic)

       

      So I at least need the rule to allow "Inbound UDP traffic". I know the application .exe that's sending the traffic, so I can enter that.  Which numbers above relate to Remote Address? Local Service? Remote Service? I have a feeling I'm getting them wrong.

       

      Although - I did just try having the following and it still got blocked:

      - Allow UDP inbound traffic

      -  Entered Application .exe being blocked.

      - Remote Address ANY

      - Local Service ANY

      - Remote Service ANY

      How would this still get blocked?

       

      Cheers

        • 1. Re: How to set exception for blocked traffic
          Kary Tankink

          If you posted the entire blocked traffic firewall event, then you cannot apply an executable to the firewall rule.  The executable would need to be left blank.  In the HIPS Activity Log, check the Application column and see if an executable is listed, or export the Activity log to the McAfeeFireLog.txt and see if the event contains an executable DESCRIPTION/PATH.  If not, then an executable cannot be applied to the firewall rule.

           

           

          For this inbound traffic event:

          • Source is the Remote address/port.
          • Destination is the Local address/port.

           

           

           

          For outbound traffic, this would be reversed.

          • Source is the Local address/port.
          • Destination is the Remote address/port.
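
The Source/Destination mapping from the reply above, as an added example that is not part of either post and not McAfee code: it parses the blocked-event line quoted in the question and returns the values that belong in the rule's Remote and Local fields. The `rule_fields` helper, the "Outgoing" keyword and the outbound sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Shape of the event line quoted in the question. "Outgoing" as the outbound
# keyword is an assumption; the thread only shows an "Incoming" event.
EVENT_RE = re.compile(
    r"Blocked\s+(?P<direction>Incoming|Outgoing)\s+(?P<proto>\w+)\s*-\s*"
    r"Source\s+(?P<src>[\d.]+)\s*:\s*\((?P<sport>\d+)\)\s*"
    r"Destination\s+(?P<dst>[\d.]+)\s*:\s*\((?P<dport>\d+)\)\s*"
    r"(?:\((?P<rule>.*)\))?\s*$"
)

# Event line copied from the question.
PAGE_EVENT = ("Blocked Incoming UDP -  Source 10.140.23.235 :  (11000)  "
              "Destination 239.1.1.2 :  (45002) "
              "(Catch-all - block unspecified inbound traffic)")
# Constructed sample (not from the thread) to exercise the reversed mapping.
CONSTRUCTED_OUTBOUND = ("Blocked Outgoing UDP - Source 10.140.23.10 : (45002) "
                        "Destination 10.140.23.235 : (11000)")


def rule_fields(event_line):
    """Map a blocked-traffic event line to local/remote firewall rule fields."""
    m = EVENT_RE.search(event_line)
    if m is None:
        raise ValueError("unrecognised event line: %r" % event_line)
    inbound = m["direction"] == "Incoming"
    # Inbound: Source is remote, Destination is local. Outbound: reversed.
    remote, local = ("src", "sport"), ("dst", "dport")
    if not inbound:
        remote, local = local, remote
    local_addr = m[local[0]]
    return {
        "direction": "in" if inbound else "out",
        "protocol": m["proto"].upper(),
        "remote_address": m[remote[0]],
        "remote_service": int(m[remote[1]]),
        "local_address": local_addr,
        "local_service": int(m[local[1]]),
        # True when the local side is a multicast group, not the host's own IP.
        "local_is_multicast": ipaddress.ip_address(local_addr).is_multicast,
        "matched_rule": m["rule"],
    }


if __name__ == "__main__":
    for line in (PAGE_EVENT, CONSTRUCTED_OUTBOUND):
        print(rule_fields(line))
```

For the event in the question this gives remote 10.140.23.235 port 11000 and local 239.1.1.2 port 45002, with the local address flagged as a multicast group.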