I'm trying to use Windows Sandbox on a system with ENS 10.7 installed. Everything works wonderfully if the Firewall is disabled. With the Firewall enabled, I can't access the internet. I've tried adding the executable to trusted executables, etc, but nothing seems to work. I haven't been able to figure out the details from the log files.
Has anyone else managed to get the Windows Sandbox with networking working? If so, how, please? Surely someone at McAfee has tested this and has it working?
Thanks in advance for any help.
I would suggest that you check FirewallEventMonitor.log, located at C:\ProgramData\McAfee\Endpoint Security\Logs, for any related blocked traffic and create the required allow rules.
Enable the "Allow bridged traffic" firewall option if it is disabled and test if it has any impact.
Thank you for the suggestion. I looked in the log and found many blocked events that may be related to Windows Sandbox. I tried to open what I could but I'm by no means a firewall guy and the rule structure doesn't really make intuitive sense to me. I'm sure I did it incorrectly. In any case, Windows Sandbox still has no internet although the number of blocked events in the log seems to be lower.
My concern is that, because of my lack of understanding, I may be opening considerably more than I intend to.
Hi @aturnbul,
Networking from the sandbox environment to the host Windows 10 environment may be blocked.
Would you be able to check if the issue is resolved by adding the subnet of the host Windows 10 environment to the remote network in the ENS Firewall rule and allowing it?
Use the adaptive mode of ENSFW to create rules on the client machine.
You can refer to the link below and use adaptive mode to create the rules automatically on the client machine, then review which rules you need and configure the rules as per your requirement.
How Adaptive mode affects the firewall https://docs.mcafee.com/bundle/endpoint-security-10.5.0-firewall-product-guide-epolicy-orchestrator-...
Below are the steps on how to enable adaptive mode for a single system.
1) Go to System tree, search for the system name, select it and click on Action > Agent > Edit policies on a single system.
2) Then make Product = Endpoint Security Firewall from the Product list.
3) Click on the Options policy. Make a duplicate of this policy so that you can revert to the previous policy after creating the rules.
4) Then go to the newly created copy of the policy.
5) Under Tuning Options, enable adaptive mode. [Note: adaptive mode is used only to configure rules; once done, you can disable adaptive mode.]
6) Apply this policy to the system on which you need to create the rules.
7) Once the rules are created under ENSFW on the client machine.
8) Then click on Collect and Send Properties on the Agent monitor so that the adaptive rules are sent back to ePO.
9) Then you can run the server task "Endpoint Security Firewall Property Translator" so that the rules created on the client machine are listed under ePO.
10) Then you have to go to "Menu > Reporting > Firewall Client Rules" and then select the rules and add them to the policies.
After following these steps, if you have any queries, let us know.
Thank you. I tried to follow your advice - let me briefly describe the outcome. First, I should mention that I have the stand-alone version of Endpoint Security 10.7.0.1733 which includes Firewall 10.7.0.1247. Although the specific actions are a little different, I think I followed your advice.
After bringing up the Firewall settings, I switched to advanced view and under Tuning Options, selected Enable Adaptive mode. After clicking Apply, I started Windows Sandbox. As expected, the sandbox had internet access and I was able to browse the web, do downloads, etc. I closed the sandbox and returned to the Firewall Settings page where I entered Advanced view, turned off Adaptive mode, and clicked Apply. There were two new rules in the Adaptive group under Rules.
At this point, as both rules were enabled, I would expect to be able to run Windows Sandbox and have internet access, but no-go. I examined the rules and both specified remote IP addresses on the sandbox virtual switch. Unfortunately, the Windows Sandbox appears to choose random addresses in the 172.19.0.0 subnet (at least on my system) so I changed the new rules to use 172.16.0.0/12 instead. No joy.
I'm stumped. If I make the entire local subnet trusted, everything works (of course). If I try to trust the Windows Sandbox executable, Firewall doesn't even see it (I can't browse to it)! If I fill in the path to the executable, Firewall ignores it. If I trust any executable with a Microsoft signature, it works.
Any suggestions, please?
Try the below article and let us know the result.
You can use the steps provided locally on the ENS console itself.
How to create Endpoint Security Firewall rules to allow third-party application network traffic (ePO managed)
This may help you to create the rule.
Thank you all for the help you offered. I experimented with the advice and came up with the following simple solution which I post here for others who may have a similar question. All I had to do was create a rule that allowed the host to accept (and process) the TCP http and https requests from the virtual switch created by Windows Sandbox. The rule is:
Allow, In, Any Protocol, 172.19.0.0/16, TCP, local: 80, 443
The vswitch uses addresses in the 172.19.0.0/16 subnet, at least on my machine. The above accepts http and https requests from the VM (I think!).