
Trouble with Dynamic Application Classes

eaglesecure
Level 1

I am having some trouble setting up a dynamic application class for this alert.

The process 'System' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on TCP port 445 from <IP ADDRESS>. The operation was denied. Details Rule 223 Wizard

I have tried creating a dynamic application class with a builder rule set to add anything on TCP port 445 to the application class.

Then I have created another Network Access Control allow rule saying allow the AC when acting as a client or server on port 445 and also the built-in SMB network services.

Any help would be greatly appreciated.

Thanks in advance.

2 Replies

Not applicable

Creating dynamic application classes from the Application control rule is a bit different than creating them from other rule types. Because this rule has two application class fields, you can choose to add the current application to the dynamic class or choose to add the new application that is invoked by the first application to the dynamic class.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/prod_release_note09186a008019b760.html

tsteger1
Level 8

Hi Jeff, since it sounds like you allow peer sharing in your organization (unless these are servers), wouldn't a static rule accomplish the same thing?

You could allow connections only from your internal addresses and to only those machines allowed to share.

I won't go into why it isn't a good idea since you probably already know that.

HTH

Tom
