If I want to make VNC (Remote access application) pass through HIP, which policy do I have to configure?
Firewall rules would be your best bet.
Actually, it works when I only add a firewall rule in "Firewall Rules", and it doesn't work when I only add the VNC application in "Trusted Applications",
but I'm still wondering what's different between "Trusted Applications" and "Firewall Rules" in HIP?
Trusted Applications work by allowing an application executable to bypass most of HIPS (not all).
- For Firewall trusts, all OUTGOING IP-based traffic would be allowed for the executable. For all INBOUND-initiated network traffic, you would need to create a firewall rule to allow it.
- For IPS trusts, most IPS signatures will be bypassed for the trusted application, but not all. For the others, IPS exceptions will be required.
KB71704 - Host Intrusion Prevention Trusted Applications defined