To resolve the conflict, edit the ports used by Application Type(s) B so that they include the ports used by Application Type(s) A.

The two application types (Web Application Tomcat and Web Server Miscellaneous) are both dependent on the application type Web Server Common. This is why the ports listed in the first two application types should also appear in the Web Server Common ports.

If you consolidate the ports for these three application types, the result is:

80,631,3612,4000,4119,5357,5358,7001,7100,7101,7200,7501,7510,7777,7778,7779,
8004,8007,8043,8080,8081,8088,8093,8094,8300,8500,8800,9000,9060,10001,19300,32000

After adding this to the Web Server Common port list, you will see this message in the Events tab:

"The Application Type Port List Misconfiguration has been resolved."

To consolidate the ports and resolve this issue:

1. Log on to the Deep Security console.
2. Go to Policies > Rules > IPS.
3. Type "Web Server Common" in the search box on the right pane and press ENTER.
4. Double-click the Web Server Common application type.
5. Navigate to General Details > Application type > Edit > Web server common.
6. Under the General tab > Connection Ports, replace all the ports with this consolidated entry:

   80,631,3612,4000,4119,5357,5358,7001,7100,7101,7200,
   7501,7510,7777,7778,7779,8004,8007,8043,8080,8081,8088,8093,
   8094,8300,8500,8800,9000,9060,10001,19300,32000

7. Click Apply > Save.

The issue is caused by the Application Type Properties on assigned Web Server Common, which is inherited and assigned to 4119.

To resolve the issue:

1. On the Application Type Properties tab, uncheck the Inherited checkbox.
2. Assign the port to Web Server Common Port List.

The alert has been resolved.

The computer status keeps showing the yellow warning message "Application Type Port List Misconfiguration".

The warning event description explains that there is port misconfiguration and conflicting application on both Web Server Miscellaneous and Web Server Common.

To reproduce the issue, you can do the following:

1. Install a standalone agent or co-locate Deep Security Manager with Relay and IPS feature enabled on Windows Platform.
2. Assign the Security Policy inherited from Deep Security.
3. Apply Recommended for Assignment rules to the target Deep Security Agent after performing the Recommendation Scan.
4. Check the Computer status on the Deep Security Manager web console. It will show the yellow warning message.

The additional rules of the following Application Types are recommended to be assigned to the target Deep Security Agent:

• Web Server Common
  • 1000128 - HTTP Protocol Decoding
• Web Server Miscellaneous
  • 1005509 - Nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
  • 1005519 - Nginx http_parse_chunked Denial Of Service Vulnerability
  • 1005825 - Nginx Crafted URI String Handling Access Restriction Bypass Vulnerability

However, the Web Server Miscellaneous Application Type will be detected due to the NGINX process, which is used by the Deep Security Relay as Web Server for update purpose. The NGINX process is deployed when the Deep Security Relay module is enabled. Therefore, the Recommendation Scan is unable to retrieve the exact version of NGINX process via Windows system manager or software installer.

As a workaround, do the following:

1. Un-assign these rules from the Security Policy:
   • 1005509
   • 1005519
   • 1005825
   • 1008527
2. Send again the updated policy to Deep Security Agent.
3. Clear Warnings/Errors from the target Deep Security Agent.
4. Clear Recommendations and perform Scan Recommendations on the target Deep Security Agent.