After looking at the details of the triggered events, I have added a firewall rule to allow incoming TCP traffic on local networks on a local port of 88 (remote port varies hugely). I will see if this has the desired effect.
The purpose of "Trust for Network IPS" is to eliminate false positives from known or trusted sources. You don't want RSD or MNAC generating hundreds or thousands of events. It would be hard to filter out all the static to find the real events.
Thanks Joe - It sounds like that would fix this problem, but possibly be overkill? i.e. it will ignore any events from the same subnet, whether they are generated by RSD or true attacks... I had hoped there was a way to identify RSD by application in the firewall rules but it doesn't look like it. Kind of frustrating considering they are both McAfee products!