cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 5

FW 10.7 Problems

Hello,

I have a station with Windows 10, 1709, with ENS FW 10.7.

I have 2 problems with the FW:

1. I don`t get events for blocked ports. I have an app that doesnt work properly with the FW, and I realized the the IGMP protocol is blocked only through wireshark. I didnt get any events about that protocol being blocked, not on the local logs and not in the EPO server.

In the FW option policy, i checked the "Log all blocked traffic" option, and in the FW rules policy i check the "Threat match as intrusion" and "Log matching traffic" options. What else can i do to solve this problem?

2. After I change the FW rules, and wake up the station through the EPO, i can see the new rules in the station, but they start working only after i restart the computer. Is there a way for the rules to work right after "Wake up"? I need the FW to start working after i change it only while using the EPO.

4 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 5

Re: FW 10.7 Problems

1. Disable FW and check if your application works fine, maybe not FW affects you

2. Enable Adaptive mode in FW Policy for affected system

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 5

Re: FW 10.7 Problems

1. I already checked and the app works fine without the fw.

2. i tried it but it just created a rule that allow every protocols and every port...

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: FW 10.7 Problems

Hi @yotam,

Thank you for reporting the issue. The changes to Firewall rules are supposed to take effect immediately and does not wait for a restart. If the issue is being resolved after a reboot, can you try removing the changes from FW policy and simply restarting to see if the issue still there?

Also by saying I already checked and the app works fine without the fw, May I confirm you have removed Firewall component and checked or have you disabled it and checked?

Also, with respect to Adaptive mode, although it creates separate rules for the protocols and ports involved, you can identify them and create a rule to club them altogether which I presume is what you have already done. So restart is not really required FW allow rules to work. I would recommend upgrading to the latest version available and check if the issue is still present.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Highlighted
Level 7
Report Inappropriate Content
Message 5 of 5

Re: FW 10.7 Problems

hey,

first of all, the app worked fine before i installed the fw, and it worked fine when i disable the fw aswell.

when i change the fw policy and wake up the endpoint agent, i can see the new rules localy, but they dont take effect right away. maybe i should upgrade the mcafee agent to the latest version too?

about the adaptive rule, i can see a rule that allow all ports and protocols. i dont see any specific rule that allows the port that is being blocked. why is that? i ran the app when the adaptive rule was enabled ofcourse..

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community