We are seeing issues with the ENS 10.6.1 Firewall since we upgraded to the Feb 2020 (10.6.1.1447).
The wrong rules are getting matched.
Additionally, we are also having problems with not seeing all events being recorded in the FirewallEventMonitor.log file when NIPS is switched on.
Does anyone else see these issues?
Solved! Go to Solution.
That’s strange, how the wrong rules are getting triggered!
It would be great if you can let us know the below details:
- There were no changes to the policy, the only change was the upgrade to the ENS Feb 2020 version
- The previous version is ENS Dec 2019
- All machines that had upgraded to the Feb 2020 version were impacted at the time
- All components were updated (Platform, Threat Prevention, Firewall, Web Control)
- The matched rule was "Allow McAfee signed applications"
I've raised a SR, but I haven't had an answer to what is causing the issue yet. It's most frustrating. I did find that the rule isn't parsed correctly on the Endpoint. And as able to find a work-round myself which I implemented and detail in the SR.
Thank you for your assistance.