I do not wish to allow all outgoing connections, ever. Yet Endpoint Firewall seems to find every opportunity to re-create that rule when it is deleted or reactivate it when it is disabled. No matter what I do the rule will eventually come back. Why are defaults being restored? If I want to restore defaults, I will click the button that says "Reset to defaults".
Why are defaults being restored?
Hi @j_mo , is your system being managed by the McAfee Agent and ePO server? If so, the policy set from the ePO server will be re-enforced frequently (based on your management server configuration).
Which ENS Firewall rule are you referring to that is being disabled/re-enabled?
I don't have any group policies or anything. I'm just using the Endpoint Security my school provides on a personal laptop. The rule that continues to return is Allow all outgoing connections under the default rules. I delete it, and it returns after some time. If I create a rule in the User rules section for blocking unmatched outgoing connections, then it takes priority over the default connections that are still enabled, so this is not desirable either.
This is likely because your system is managed by ePO. The policy enforcement performed by the agent will re-enforce any rules your admin has set via ePO. You would need to contact them to either create a special rule set for you or for them to change it in general.
Your admin will also have an option to enable to retain user-added rules.
@j_mo Even if you're not part of the network, if the product was installed as managed/with a policy set, then it will still be able to reinforce configured policies at the policy enforcement interval. If you go to the McAfee shield icon in the bottom right of your tray, right click, and select "About", then in the window that pops up, under "McAfee Agent" and "status" you can see if your system is managed or unamanged. If it says managed, then there is nothing you can do without contacting the admin/your university IT that provided the software download.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Thanks, I understand now, but I checked and as shown my status says Unmanaged. It does have a policy enforcement time though for some reason. The reversion doesn't seem to occur regularly; sometimes I will check after a reboot and the rules will be as I left them, other times the default rules have reappeared.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center