HCP - Threat Prevention Protections impact

Piet_vd_Maas · ‎2023-06-08

Hi All,

When I'm looking to my HCP report under Threat Prevention > Protections > Protections Impact I see a lot of 'Applictions' instead of IPS.

The applications that are in the report aren't configured in any rule. Is there a way to finetune this?

SmartConsole Extensions Threat Prevention

CCSE - CCVS

Tal_Paz-Fridman · ‎2023-06-08

Adding @Andy_Yelnik

Timothy_Hall · ‎2023-06-08

If you have an APCL/URLF rule with Service & Application set to "Any" also with Detailed Logging set (such as the cleanup rule), overhead will be expended identifying & logging these applications which is what you are seeing in hcp. You can set Track for these rules to just "Log" but the specific applications matching this rule will no longer be detected and logged.

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com

Piet_vd_Maas · ‎2023-06-08

Hi Timothy,

The only rules that these applications can hit are the 'Cleanup Rules' with action Drop and track Log.

We've 1 other rule to block traffic to internet with action Reject but only track Log

CCSE - CCVS

Piet_vd_Maas · ‎2023-06-09

Is there a way to find the rule(s) that is/are responsible for this traffic?

CCSE - CCVS

the_rock · ‎2023-06-08

I also saw that in web version of HCP for R81.20, but did not pay much attention to it.

Andy

Are you a member of CheckMates?

HCP - Threat Prevention Protections impact