cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 3

ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

Hi, Wonder if anyone else has came across a similar issue or knows a way around the McAfee core networking rule group in the ENS Firewall Rules policy. 

In our old HIPS Firewall policy our catch all rule at the bottom of the policy would block trace routes to external services as it didnt match any of the other rules specified. 

Now however, since McAfee have added "McAfee Core Networking" group which includes the following rule "Allow outbound system applications", application such as the command line match this rule and allow trace routes to external services. 

Because this is part of the default policy you cant remove it or even add a rule above ... Seems a bit crazy to allow anything within the "System" directory outbound access and not provide the ability to block. Our organisation in the past has relied on HIPS to block trace routes.  

corenetworking.PNG

I have had a look at the old HIPS firewall policy and this rule was 100% not present 

Any advice would be appreciated 

 

 

 

1 Solution

Accepted Solutions
youngs
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

 

Hi, not sure if you seen it but there is a setting in the Firewall Options policy to disable McAfee core networking rules.  I played around with this setting as well trying to figure out if we could get around not using that group of rules, I found it easier to just leave it with the defaults.

If you disable this option I am not sure it will fix your issue or cause more, it could be worth a try.  I believe you will need to create other rules to allow certain traffic based on what is in the core networking group.

If you do enable this keep in mind you only see the rules that get disabled on the client side for ENS, don't think this has been changed. 

Firewall_Options.PNG

 Hope this helps.

Scott 

 

 

View solution in original post

2 Replies
youngs
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

 

Hi, not sure if you seen it but there is a setting in the Firewall Options policy to disable McAfee core networking rules.  I played around with this setting as well trying to figure out if we could get around not using that group of rules, I found it easier to just leave it with the defaults.

If you disable this option I am not sure it will fix your issue or cause more, it could be worth a try.  I believe you will need to create other rules to allow certain traffic based on what is in the core networking group.

If you do enable this keep in mind you only see the rules that get disabled on the client side for ENS, don't think this has been changed. 

Firewall_Options.PNG

 Hope this helps.

Scott 

 

 

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 3

Re: ENS 10.5 - McAfee Core Networking Group Issue

Jump to solution

Spot on Scott, 

Enabled that setting and recreated the networking group without the system rule and icmp rules 

Worked a treat ! 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community