Trouble with Dynamic Application Classes

Unanswered Question
Jun 22nd, 2007

I am having some trouble setting up a dynamic application class for this alert.

The process 'System' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on TCP port 445 from <IP ADDRESS>. The operation was denied. Details Rule 223 Wizard

I have tried creating a dynamic application class with a builder rule set to add anything on TCP port 445 to the application class.

Then I have created another Network Access Control allow rule saying allow the AC when acting as a client or server on port 445 and also the built-in SMB network services.

Any help would be greatly appreciated.

Thanks in advance.

Anonymous (not verified) Fri, 06/29/2007 - 05:42

Creating dynamic application classes from the Application control rule is a bit different than creating them from other rule types. Because this rule has two application class fields, you can choose to add the current application to the dynamic class or choose to add the new application that is invoked by the first application to the dynamic class.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/prod_release_note09186a008019b760.html

tsteger1 Tue, 07/03/2007 - 13:51

Hi Jeff, since it sounds like you allow peer sharing in your organization (unless these are servers), wouldn't a static rule accomplish the same thing?

You could allow connections only from your internal addresses and to only those machines allowed to share.

I won't go into why it isn't a good idea since you probably already know that.

HTH

Tom
