I have a station with Windows 10, 1709, with ENS FW 10.7.
I have 2 problems with the FW:
1. I don`t get events for blocked ports. I have an app that doesnt work properly with the FW, and I realized the the IGMP protocol is blocked only through wireshark. I didnt get any events about that protocol being blocked, not on the local logs and not in the EPO server.
In the FW option policy, i checked the "Log all blocked traffic" option, and in the FW rules policy i check the "Threat match as intrusion" and "Log matching traffic" options. What else can i do to solve this problem?
2. After I change the FW rules, and wake up the station through the EPO, i can see the new rules in the station, but they start working only after i restart the computer. Is there a way for the rules to work right after "Wake up"? I need the FW to start working after i change it only while using the EPO.
Thank you for reporting the issue. The changes to Firewall rules are supposed to take effect immediately and does not wait for a restart. If the issue is being resolved after a reboot, can you try removing the changes from FW policy and simply restarting to see if the issue still there?
Also by saying I already checked and the app works fine without the fw, May I confirm you have removed Firewall component and checked or have you disabled it and checked?
Also, with respect to Adaptive mode, although it creates separate rules for the protocols and ports involved, you can identify them and create a rule to club them altogether which I presume is what you have already done. So restart is not really required FW allow rules to work. I would recommend upgrading to the latest version available and check if the issue is still present.
first of all, the app worked fine before i installed the fw, and it worked fine when i disable the fw aswell.
when i change the fw policy and wake up the endpoint agent, i can see the new rules localy, but they dont take effect right away. maybe i should upgrade the mcafee agent to the latest version too?
about the adaptive rule, i can see a rule that allow all ports and protocols. i dont see any specific rule that allows the port that is being blocked. why is that? i ran the app when the adaptive rule was enabled ofcourse..