0 Replies Latest reply on Jan 23, 2014 7:09 PM by jase4867

    HIPS 8 - Dynamically Created Rules

    jase4867

      We are currently rolling out HIPS 8, and have configured a default firewall ruleset which covers all the standard apps we run across the company. There are a few users, probably around 15 out of 2000, who use Dropbox. We don't consider Dropbox a standard, so it isn't in the ruleset.

       

      Currently, HIPS is running in Learn mode, so the users of Dropbox are constantly seeing firewall alerts with the following info:

       

      Direction: Incoming

      Protocol: UDP

      Local Port: 17500

      Local Address: 255.255.255.255

      Remote Address: internal IP

      Remote Port: 17500

       

      When these alerts come up, the users click on Allow, but it doesn't generate a dynamic rule. Am I correct in thinking this is expected behavior since it is incoming UDP traffic? If not, why isn't it saving a dynamic rule on the receiver's machine?

       

      If I'm following the flow correctly, it looks like Computer A has a Dropbox client installed, and that client is sending broadcast traffic. When it hits Computer B, which also has a Dropbox client, it throws up the alert on Computer B, and at that point they can either Allow or Deny the traffic.

       

      Not sure if it matters, but we're running ePO 4.6.6, VSE 8.8, and MA 4.6. All clients are running Win7. HIPS 8 is at patch 2 with the latest hotfix.

       

      Thanks for any info you can provide.