2 Replies Latest reply on May 14, 2015 10:36 AM by awbattelle

    RDP blocked?

    rod78

      Hi

      I'm new to HIPS so be kind..

      I can no longer connect to my PC with RDP since I deployed HIPS 8 on it. It is configured with the default rules and RDP traffic i allowed within the rules.

      I even tried to manually disable HIPS and HIP Firewall using the GUI and I still can't connect with RDP. What's going on?

        • 1. Re: RDP blocked?
          c14us

          Well I'll tend to say that it's not IPS or fw if you tried to disable them, and still not was not able to RDP.

          Since you are not experienced with the sw, there are easily some pitfalls you can drop into. Like when disabling a function, you do not take notice to saving. How to differentiate HIPS entries in the log from FW entries.

          Else you have the correct approache. Deselect one feature at the time, when the feature is found, enable it again, and go through the log for that product (verbose logging can be your friend here).

          I'll recommend you get some courses. There are some freebees movies here also, also try youtube.

           

          Regards

          Claus

          • 2. Re: RDP blocked?
            awbattelle

            Typically, you will want to make sure Host IPS policy is disabled so you can just work on the Firewall part of HIPS first. I do notice that the basic Default policy for the firewall will disable RDP, and a variety of other things like ping response. It seems to me that this policy is designed with a public network in mind and for that, it works great. So you will have to design a "location" in the policy that detects your corporate network, so your system will be supportable in it's native environment.

            Now, you said you still could not RDP after you turned off the firewall? Be sure you reset your policy enforcement from the status monitor first so you can get a full cycle of HIPS and the firewall in an "off" state. You should now be able to ping your system. This is the first test I do, since it is faster and more reliable than RDP.

            Once you are comfortable with turning the firewall on and off, and familiarize yourself with the default behavior, make a copy of the McAfee default and create your Location, and apply some rules that will open up the firewall when it is on your corporate network. Normally, the home network will have a corporate firewall, so there is not much need for a desktop firewall.  The easiest way to create a location is to just check the "Require that EPO be reachable" option, then create a rule to allow required traffic. You might even create an Allow All rule when EPO is detected.

            Anyway, real lesson here is that the HIPS product does not work very well out of the box. It requires a great deal of tuning, and EPO has some great tools to help you with this, like Adaptive mode. Unfortunately, nothing is a slam dunk with HIPS. Good luck.