I'm struggling to add a certain application to our trusted applications.
We have a device that connects locally to one of our workstations. Once HIPS was installed on this workstation, the device could no longer communicate with the computer. Initially, I saw that there was a lot of loopback (::1) traffic blocked of IPv6. I enabled IPv6 on this station via HIPS and I started seeing more specific application blocking.
I disabled the HIPS firewall to verify it was the issue. Once the HIPS firewall was disabled, the device could communicate once again to the workstation.
Here is the information that is displayed in the activaty log on the station:
Here is the application info:
Here is my HIPS firewall trusted application configuration:
- Any signer is specified. I have also done the above configuration in the HIPS: General Trusted Applications All Platforms section with no luck.
- The rules are enforcing on the specified system, and it appears the policy is updating on the target station.
Any help on this would be greatly appreciated!
Please make sure you have a Allow Loopback firewall rule (for both 127.0.01 and ::1). A Trusted Application might work, but it only allows outbound traffic (does not automatically allow inbound traffic).
KB71230 - Host Intrusion Prevention 8.0 Loopback traffic blocked when firewall is enabled
Thank you for the reply Kary.
The Allow Loopback firewall rule is already configured. - ::1 and 127.0.0.1 are specified within the rule.
The Allow Loopback rule is pre-defined with Host IPS 8.0. I did not need to toggle/create this rule.I find it weird that I was seeing the loopback blocking before i removed the "Block IPv6" from the Firewall Rules.
Regardless, I do not see loopback blocking anymore. I'm only seeing errors like the one I linked in my first screenshot.
on 6/3/13 8:16:27 AM CDT
A friendly bump! I haven't had much time myself to look at this, and have not made any real progress.
I've been able to add trusted applications before, I'm not so sure why I'm sturggling with this one....
I can't see the entire firewall entry there, but if it's Inbound traffic being blocked, the Trusted Application rule will only allow Outbound-initiated traffic out. It does not automatically allow Inbound-initiated traffic in (it will allow traffic In via an Outbound connection, since the firewall is stateful).