We have HIPS 8.0 Patch 1 on Windows 7 Enterprise.
I believe the HIPS is setup as a stateful firewall, so theoretically any outbound port is automatically opened for the return traffic.
We have the Novell Client for Windows 7 installed, which uses non-reserved ports (source port) when talking to the servers (destination port 524)
That goes out okay
But we see (sometimes), that HIPS blocks the return traffic.
Rebooting seems to fix things.
We had a thought that perhaps the stateful table is getting corrupted or not large enough? We've seen this on say, home NetGear routers and online games where things that open lots of ports, fill up the table or corrupt it and a reboot solves things.
Any way to check the tables or adjust them to use more RAM?
The return traffic could be for a different connection, or possibly a closed connection. I would suggest testing with HIPS 8.0 P2 and Hotfix 803520 (which you can get from McAfee Support). If you continue to have this issue, please contact McAfee Support, as data would need to be gathered to investigate this issue further.