cancel
Showing results for 
Search instead for 
Did you mean: 

ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

Hi, Wonder if anyone else has came across a similar issue or knows a way around the McAfee core networking rule group in the ENS Firewall Rules policy. 

In our old HIPS Firewall policy our catch all rule at the bottom of the policy would block trace routes to external services as it didnt match any of the other rules specified. 

Now however, since McAfee have added "McAfee Core Networking" group which includes the following rule "Allow outbound system applications", application such as the command line match this rule and allow trace routes to external services. 

Because this is part of the default policy you cant remove it or even add a rule above ... Seems a bit crazy to allow anything within the "System" directory outbound access and not provide the ability to block. Our organisation in the past has relied on HIPS to block trace routes.  

corenetworking.PNG

I have had a look at the old HIPS firewall policy and this rule was 100% not present 

Any advice would be appreciated 

 

 

 

Was my reply helpful?

if this information was helpful in any way, or answered your question, will you please select & "Accept as Solution" in my reply, or give kudos as appropriate.
1 Solution

Accepted Solutions
youngs
Level 10
Report Inappropriate Content
Message 2 of 3

Re: ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

 

Hi, not sure if you seen it but there is a setting in the Firewall Options policy to disable McAfee core networking rules.  I played around with this setting as well trying to figure out if we could get around not using that group of rules, I found it easier to just leave it with the defaults.

If you disable this option I am not sure it will fix your issue or cause more, it could be worth a try.  I believe you will need to create other rules to allow certain traffic based on what is in the core networking group.

If you do enable this keep in mind you only see the rules that get disabled on the client side for ENS, don't think this has been changed. 

Firewall_Options.PNG

 Hope this helps.

Scott 

 

 

2 Replies
youngs
Level 10
Report Inappropriate Content
Message 2 of 3

Re: ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

 

Hi, not sure if you seen it but there is a setting in the Firewall Options policy to disable McAfee core networking rules.  I played around with this setting as well trying to figure out if we could get around not using that group of rules, I found it easier to just leave it with the defaults.

If you disable this option I am not sure it will fix your issue or cause more, it could be worth a try.  I believe you will need to create other rules to allow certain traffic based on what is in the core networking group.

If you do enable this keep in mind you only see the rules that get disabled on the client side for ENS, don't think this has been changed. 

Firewall_Options.PNG

 Hope this helps.

Scott 

 

 

Highlighted

Re: ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

Spot on Scott, 

Enabled that setting and recreated the networking group without the system rule and icmp rules 

Worked a treat ! 

Was my reply helpful?

if this information was helpful in any way, or answered your question, will you please select & "Accept as Solution" in my reply, or give kudos as appropriate.
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator