cancel
Showing results for 
Search instead for 
Did you mean: 

ENS FW Location Aware Groups using RegKey?

Is anybody using a RegKey as part of their McAfee Endpoint Security FW  Location Aware Group setup and can elaborate on how and what they use it for?

I have a hard time to come up with how one would use it?

Questions are:

How do you set the RegKey and what is the deciding factor that you do?

Do you remove the RegKey once a condition is not met anymore or ist it only set once and never changed?

Hope some of you can provide me with an inspiration.

 

Oliver

3 Replies
McAfee Employee BEllis
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ENS FW Location Aware Groups using RegKey?

the Firewall_Activity.log file shows whether there are any connections that match a location-aware firewall rule group. This can be helpful if you are performing testing or troubleshooting. If there are matching connections, the log file will show the number of connections that match the location-aware firewall rule groups and the details of the matching location criteria.

For example, the sample output below shows one matching connection for a firewall rule group named Inside Network, and the details of the six matching location criteria.
 
10/25/2017 11:43:18 mfefw(1636.2804) SYSTEM blframework.FIREWALL.Activity: Number of currently matching locations: 1
Name: Inside Network 
Number of criterias: 6 
Default Gateway: 10.160.1.1 
Default Gateway: 10.160.0.1 
DNS Server: 10.160.0.1 
DNS Server: 8.8.8.8 
Domain Reachability: mcafee.com 
Domain Reachability: use.cloudshare.com
 
 
Seems to me you would use this when you want to determine if your machine is on the local network or away example on vpn vs off

McAfee Support

Benjamin Ellis

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: ENS FW Location Aware Groups using RegKey?

Hi BEllis,

no since I was not looking for information on how to check if a LAG Condition is met, I am looking for an example on how someone is using a REGKEY as part of their LAG Setup and how they check that the condition that sets the REGKEY is met and how they change or remove the REGKEY if the condition that they check is  no longer true.

I guess it would have to happen externally but what application people have found to use this fueature is what interests me.

The only thing I came up with is the isolate a client if a virus is found and not removed, I could set the RegKey as part if that Process and force a client to use a LAG that only allows connection to the ePO and cuts it of from all other traffic.

 

Oli

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: ENS FW Location Aware Groups using RegKey?

@oliver_m Registry entries used in Location Aware Groups (LAG) will widely vary depending how what exactly you want to monitor for.  The most common use that I've seen is for applications (usually a VPN client) that changes a reg value when active (e.g., where some "status" value equals some "1" or "enable" value, or some other type of value that shows connectivity is established).  There are no recommendations here though.  You would have to determine if there is a use for this type of registry check, what exact registry item to check for, and what the registry value would be to determine if the LAG is "matched".

Others will have to provide their examples of how they use this feature in their environments.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community