Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
810 Views 4 Replies Latest reply: Jun 17, 2013 10:45 AM by Kary Tankink RSS
jbaker Newcomer 9 posts since
Sep 3, 2010
Currently Being Moderated

May 30, 2013 4:07 PM

I'm Failing at adding Trusted Applications

Hello!

 

I'm struggling to add a certain application to our trusted applications.

 

We have a device that connects locally to one of our workstations. Once HIPS was installed on this workstation, the device could no longer communicate with the computer. Initially, I saw that there was a lot of loopback (::1) traffic blocked of IPv6. I enabled IPv6 on this station via HIPS and I started seeing more specific application blocking.

 

I disabled the HIPS firewall to verify it was the issue. Once the HIPS firewall was disabled, the device could communicate once again to the workstation.

 

Here is the information that is displayed in the activaty log on the station:

http://i.imgur.com/xNTDXPm.png

 

Here is the application info:

http://i.imgur.com/oLToV1o.png

 

Here is my HIPS firewall trusted application configuration:

http://i.imgur.com/kxo9g9H.png

 

Notes:

- Any signer is specified. I have also done the above configuration in the HIPS: General Trusted Applications All Platforms section with no luck.

- The rules are enforcing on the specified system, and it appears the policy is updating on the target station.

 

Any help on this would be greatly appreciated!

 

Thank you!

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    1. May 31, 2013 4:48 PM (in response to jbaker)
    Re: I'm Failing at adding Trusted Applications

    Please make sure you have a Allow Loopback firewall rule (for both 127.0.01 and ::1).  A Trusted Application might work, but it only allows outbound traffic (does not automatically allow inbound traffic).

     

    KB71230 - Host Intrusion Prevention 8.0 Loopback traffic blocked when firewall is enabled

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    4. Jun 17, 2013 10:45 AM (in response to jbaker)
    Re: I'm Failing at adding Trusted Applications

    I can't see the entire firewall entry there, but if it's Inbound traffic being blocked, the Trusted Application rule will only allow Outbound-initiated traffic out.  It does not automatically allow Inbound-initiated traffic in (it will allow traffic In via an Outbound connection, since the firewall is stateful).

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points