The network traffic may not be associated with beremote.exe. Review the HIPS Activity log and create firewall rules for any blocked traffic that is associated with the software (remote IPs, ports, etc.). You may find that the traffic is SYSTEM-based and is not associated with a specific app PID (meaning the firewall rule cannot be associated with an application). If the application worked while in Adaptive mode, review what rules were created and see if they might be associated with backup software. Also test using the "Allow ANY/ANY" firewall rule set from KB67055.
KB67055 – How to troubleshoot a network facing application, or traffic is blocked by Host Intrusion Prevention firewall
Also make sure you are testing the latest HIPS 8.0 version for any known defects.
KB70725 - Host Intrusion Prevention 8.0 patch and hotfix version information
This document is for BE v11d but probably applies in your environment:
List of TCP/UDP ports used by Backup Exec 11d and above (including CPS and DLO) and BE System Recovery (BESR)
- Publish:September 14, 2015
- Article URL:http://www.veritas.com/docs/000032339
Backup Exec Agent Browser (process=benetns.exe) 6101 TCP Backup Exec Remote Agent for Windows Servers (process=beremote.exe) 10000 TCP Backup Exec Server (process=beserver.exe) 3527 TCP 6106 TCP MSSQL$BKUPEXEC (process=sqlservr.exe) 1125 TCP 1434 (ms-sql-m) UDP Oracle Agent for Windows and Linux Servers Random port unless configured otherwise DB2 Agent for Windows and Linux Servers Random port unless configured otherwise Kerberos 88 UDP NETBIOS 135 TCP, UDP NETBIOS Name Service 137 UDP NETBIOS Datagram Service 138 UDP NETBIOS Session Service 139 TCP NETBIOS (Windows 2000) 445 TCP DCOM/RPC 3106 TCP Backup Exec Remote Agent 6103 TCP Push Install -- Check for conflicts in message queue for CASO which is part of beserver.exe 103x TCP Push Install -- SMB2 445 TCP SMTP email notification 25 outbound from media server TCP SNMP 162 outbound from media server TCP FTP 21 TCP HTTP 80 TCP HTTPS 443 TCP
Backup Exec for Windows Servers Listening Ports:
First, it is important to understand the difference between using a port for listening versus for dynamic or ad-hoc communication.
When Backup Exec for Windows Servers is not running any operations, the various services are listening on ports for incoming communication from other services and/or agents.
During operations such as backups, a Backup Exec for Windows Server will first communicate to the Remote Agent on the static listening port (control connection) and then pass data back and forth using dynamic (ad-hoc) ports that are either random (by default) or can be configured to use a specific range.
More detail on limiting the port ranges for Remote Agent communications can be found in the Related Documents area at the bottom of this document.
Service Port Port Type Backup Exec Agent Browser (benetns.exe) 6101 TCP Backup Exec Remote Agent for Windows Server (beremote.exe) 10000 TCP Backup Exec Server (beserver.exe) 3527, 6106 TCP MSSQL$BKUPEXEC (sqlservr.exe) 1125 TCP 1434 UDP Backup Exec Remote Agent for NetWare 10000, 6102 TCP Remote Agent for Linux and UNIX Servers (RALUS) 10000 TCP DBA-initiated backups for Oracle and DB2 5633
Backup Exec Deduplication Engine (spoold.exe) 10082 TCP Backup Exec Deduplication Manager (spad.exe) 10102 TCP
My guess is that you have to Configure BERemote to use Specific ports rather than using the default random ports. HIPS in learning mode will work, but turning off learning mode causes failure due to the next random port used, not yet configured to work within HIPS. Check the rules HIPS created while in learning mode and compare against the ports when it fails. This should lead you to the area that can help you statically define the port you want to use, and then change the HIPS rule(s) to use that port.
Another article: https://www.veritas.com/support/en_US/article.TECH43579
Hope this helps
I have now solved the issue, we found that Backup Exec was using a larger range of local ports then we thought and so we epanded this range in the policy and we are now able to backup the machine.