Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

Noise Rule

Hi

 

We are the running Endpoint Client with the Firewall blade enabled.

 

When I go to Log Viewer, 99% of the logs is dropped multicast traffic from the Firewall blade.

 

1.jpg.png

 

 

 

This makes investigating the logs somewhat difficult as there are limited filtering options available.

 

Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp.

 

I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs.

 

Is it ok to create a block rule only on the ports as below?  Note the source is Any

 

2.png

 

Can these ports be used by other services? And if they can then how would I create a Noisey Traffic Rule  

 

 

 

 

 

 

 

 

0 Kudos
Reply
2 Replies
Highlighted
Champion
Champion

First: What about the destination 239.255.255.250 ?

Second: You show us an endpoint security client log, but create a rule in the gateway access policy. Endpoint FW rules are defined in old SmartDashboard / Desktop tab or in EPSS...

0 Kudos
Reply
Explorer

We are running Endpoint in the cloud EPMAS (Endpoint Management As A Service).  To create Endpoint Firewall rules for the Endpoint client I use SmartEndpoint.

There is no destination field in the Endpoint client Firewall as the destination will always be the workstation/laptop

3.png

 

2.png

 

Thus the reason for using ports/services. 

239.255.255.250 is Simple Service Discovery Protocol (SSDP) port 1900 udp 

 

 

Thanks

 

 
 
0 Kudos
Reply