You could create a block rule but not log it.
I do not think you can do it. If you block a thing, it must appear in the blocked traffic.
Ever got an answer or any luck with this?
Trying also (without much success) to block and *NOT LOG* this traffic, and other network-discovery-related ports, which I don't think have any "added value" on an enterprise network.
We don't want to log any of this blocked traffic, as we are always getting calls when people get anything red and think this must be related to their problems....
These are the ports related to Network Discovery, as per the TechNet blog, that I am trying to block and not log. My rule triggers, but even though I select to NOT log, it seems it logs anyway.
- TCP 2869 - UPNP
- TCP 5357 - WSDAPIEvents
- TCP 5358 - WSDEvents Secure
- UDP 5355 - LLMNR
- UDP 3702 - WSD publishing
- UDP 1900 - SSDP
This HIPS Activity log data is being written to the EVENT.LOG file; it should have no effect on the hard disk (it's normal log writing).
You cannot force Firewall traffic to NOT be logged to the Activity log, unless you disable the LOG ALL BLOCKED/ALLOWED traffic filter option in the HIPS ClientUI Activity log menu. This will cause all blocked/allowed traffic to NOT be written to the Activity log, unless you have the LOG MATCHING TRAFFIC option in a firewall rule.
The LOG MATCHING TRAFFIC option in the Firewall rule will only force logging ON for network traffic matching the rule, in the event that the LOG ALL BLOCKED/ALLOWED traffic filters are disabled (these options are configurable by any user; not ePO policy-configurable).
Leaving the LOG MATCHING TRAFFIC option off does not force logging OFF for the network traffic matching the rule (it can still be shown in the Activity log if LOG ALL BLOCKED/ALLOWED is enabled).