cancel
Showing results for 
Search instead for 
Did you mean: 
j_mo
Level 7
Report Inappropriate Content
Message 1 of 7

Default rule reversion

I do not wish to allow all outgoing connections, ever. Yet Endpoint Firewall seems to find every opportunity to re-create that rule when it is deleted or reactivate it when it is disabled. No matter what I do the rule will eventually come back. Why are defaults being restored? If I want to restore defaults, I will click the button that says "Reset to defaults".

6 Replies
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Default rule reversion

Why are defaults being restored?

Hi @j_mo , is your system being managed by the McAfee Agent and ePO server?  If so, the policy set from the ePO server will be re-enforced frequently (based on your management server configuration).

Which ENS Firewall rule are you referring to that is being disabled/re-enabled?  

Highlighted
j_mo
Level 7
Report Inappropriate Content
Message 3 of 7

Re: Default rule reversion

I don't have any group policies or anything. I'm just using the Endpoint Security my school provides on a personal laptop. The rule that continues to return is Allow all outgoing connections under the default rules. I delete it, and it returns after some time. If I create a rule in the User rules section for blocking unmatched outgoing connections, then it takes priority over the default connections that are still enabled, so this is not desirable either.

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Default rule reversion

This is likely because your system is managed by ePO. The policy enforcement performed by the agent will re-enforce any rules your admin has set via ePO.  You would need to contact them to either create a special rule set for you or for them to change it in general.

Your admin will also have an option to enable to retain user-added rules.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
j_mo
Level 7
Report Inappropriate Content
Message 5 of 7

Re: Default rule reversion

I don't see how this is possible. I am not part of any network that is remotely managed.

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: Default rule reversion

@j_mo Even if you're not part of the network, if the product was installed as managed/with a policy set, then it will still be able to reinforce configured policies at the policy enforcement interval. If you go to the McAfee shield icon in the bottom right of your tray, right click, and select "About", then in the window that pops up, under "McAfee Agent" and "status" you can see if your system is managed or unamanged. If it says managed, then there is nothing you can do without contacting the admin/your university IT that provided the software download.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

j_mo
Level 7
Report Inappropriate Content
Message 7 of 7

Re: Default rule reversion

Thanks, I understand now, but I checked and as shown my status says Unmanaged. It does have a policy enforcement time though for some reason. The reversion doesn't seem to occur regularly; sometimes I will check after a reboot and the rules will be as I left them, other times the default rules have reappeared.

mcafee.screenshot.jpg

McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.