No Internet in Windows Sandbox

Dear Community,

I'm trying to use Windows Sandbox on a system with ENS 10.7 installed. Everything works wonderfully if the Firewall is disabled. With the Firewall enabled, I can't access the internet. I've tried adding the executable to trusted executables, etc., but nothing seems to work. I haven't been able to figure out the details from the log files.

Has anyone else managed to get the Windows Sandbox with networking working? If so, how, please? Surely someone at McAfee has tested this and has it working?

Thanks in advance for any help.

8 Replies
McAfee Employee
Message 2 of 9

Re: No Internet in Windows Sandbox

Hello 

I would suggest you check FirewallEventMonitor.log, located at C:\ProgramData\McAfee\Endpoint Security\Logs, for any related blocked traffic and create the required allow rules.

Enable the "Allow bridged traffic" firewall option if it is disabled, and test whether it has any impact.


Re: No Internet in Windows Sandbox

Thank you for the suggestion. I looked in the log and found many blocked events that may be related to Windows Sandbox. I tried to open what I could but I'm by no means a firewall guy and the rule structure doesn't really make intuitive sense to me. I'm sure I did it incorrectly. In any case, Windows Sandbox still has no internet although the number of blocked events in the log seems to be lower.

My concern is that, because of my lack of understanding, I may be opening considerably more than I intend to.

McAfee Employee
Message 4 of 9

Re: No Internet in Windows Sandbox

Hi @aturnbul ,

Networking from the sandbox environment to the host Windows 10 environment may be blocked.
Would you be able to check if the issue is resolved by adding the subnet of the host Windows 10 environment to the remote network in the ENS Firewall rule and allowing it?

Regards,

McAfee Employee
Message 5 of 9

Re: No Internet in Windows Sandbox

Hello,

Use the adaptive mode of ENSFW to create rules on the client machine.

You can refer to the links below and use adaptive mode to create the rules automatically on the client machine, then review which rules you need and configure the rules as per your requirement.

How Adaptive mode affects the firewall https://docs.mcafee.com/bundle/endpoint-security-10.5.0-firewall-product-guide-epolicy-orchestrator-...

Using Adaptive mode https://docs.mcafee.com/bundle/endpoint-security-10.5.0-firewall-product-guide-epolicy-orchestrator-...

Below are the steps on how to enable adaptive mode for a single system.

1) Go to System Tree, search for the system name, select it and click on Actions > Agent > Edit policies on a single system.

2) Then set Product = Endpoint Security Firewall from the Product list.

3) Click on the Options policy and make a duplicate of this policy so that you can revert to the previous policy after creating the rules.

4) Then go to the newly created copy of the policy.

5) Under Tuning Options, enable adaptive mode. [Note: adaptive mode is used only to configure rules; once done, you can disable adaptive mode.]

6) Apply this policy to the system on which you need to create the rules.

7) Once the rules are created under ENSFW on the client machine.

8) Then click on Collect and Send Properties on the Agent monitor so that the adaptive rules are sent back to ePO.

9) Then you can run the server task "Endpoint Security Firewall Property Translator" so that the rules created on the client machine are listed under ePO.

10) Then you have to go to Menu > Reporting > Firewall Client Rules, select the rules and add them to the policies.

After following these steps, if you have any queries, let us know.

Regards,
Daya

Re: No Internet in Windows Sandbox

Thank you. I tried to follow your advice - let me briefly describe the outcome. First, I should mention that I have the stand-alone version of Endpoint Security 10.7.0.1733 which includes Firewall 10.7.0.1247. Although the specific actions are a little different, I think I followed your advice.

After bringing up the Firewall settings, I switched to advanced view and under Tuning Options, selected Enable Adaptive mode. After clicking Apply, I started Windows Sandbox. As expected, the sandbox had internet access and I was able to browse the web, do downloads, etc. I closed the sandbox and returned to the Firewall Settings page where I entered Advanced view, turned off Adaptive mode, and clicked Apply. There were two new rules in the Adaptive group under Rules.

At this point, as both rules were enabled, I would expect to be able to run Windows Sandbox and have internet access, but no-go. I examined the rules and both specified remote ip addresses on the sandbox virtual switch. Unfortunately, the Windows Sandbox appears to choose random addresses in the 172.19.0.0 subnet (at least on my system) so I changed the new rules to use 172.16.0.0/12 instead. No joy.

I'm stumped. If I make the entire local subnet trusted, everything works (of course). If I try to trust the Windows Sandbox executable, Firewall doesn't even see it (I can't browse to it)! If I fill in the path to the executable, Firewall ignores it. If I trust any executable with a Microsoft signature, it works.

Any suggestions, please?

McAfee Employee
Message 7 of 9

Re: No Internet in Windows Sandbox

Hello,

Try the article below and let us know the result.

You can use the steps provided locally on the ENS console itself.

How to create Endpoint Security Firewall rules to allow third-party application network traffic (ePO managed)
https://kc.mcafee.com/corporate/index?page=content&id=KB91885

 

This may help you to create the rule.

Regards,
Daya

Re: No Internet in Windows Sandbox

Thank you for the article. Those are exactly the steps I followed. No one at McAfee has a Windows 10 Enterprise PC? Or should I be opening a ticket on support?


Re: No Internet in Windows Sandbox

Thank you all for the help you offered. I experimented with the advice and came up with the following simple solution which I post here for others who may have a similar question. All I had to do was create a rule that allowed the host to accept (and process) the TCP http and https requests from the virtual switch created by Windows Sandbox. The rule is:

Allow, In, Any Protocol, 172.19.0.0/16, TCP, local: 80, 443

The vswitch uses addresses in the 172.19.0.0/16 subnet, at least on my machine. The above accepts http and https requests from the VM (I think!).
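
For readers who want to confirm which subnet the sandbox virtual switch uses on their own host before scoping a rule like the one above, the following is an added example and not part of the original thread or any McAfee tooling. It assumes the switch appears on the host as a `vEthernet (...)` adapter and that it is run in PowerShell on the host while Windows Sandbox is open; `Get-SubnetCidr` and `$RuleCidr` are names made up for this example.

```powershell
# Added example: list the IPv4 subnets of the host's virtual switch adapters and
# check whether a candidate firewall rule network covers each one.
# Assumption: the sandbox switch shows up as a "vEthernet (...)" adapter.

function Get-SubnetCidr {
    # Returns the network address in CIDR form for an IPv4 address and prefix length.
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        [Parameter(Mandatory)][ValidateRange(0, 32)][int]$PrefixLength
    )
    $bytes = ([System.Net.IPAddress]::Parse($IPAddress)).GetAddressBytes()
    $remaining = $PrefixLength
    for ($i = 0; $i -lt 4; $i++) {
        # Number of network bits that fall inside this octet (0..8).
        $bits = [Math]::Min(8, [Math]::Max(0, $remaining))
        $mask = (0xFF -shl (8 - $bits)) -band 0xFF
        $bytes[$i] = $bytes[$i] -band $mask
        $remaining -= 8
    }
    '{0}/{1}' -f ($bytes -join '.'), $PrefixLength
}

# Remote network used in the rule from the post above; change it to test another scope.
$RuleCidr = '172.19.0.0/16'
$ruleNet, $rulePrefix = $RuleCidr -split '/'
$rulePrefix = [int]$rulePrefix

Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -like 'vEthernet*' } |
    ForEach-Object {
        # The rule covers the adapter's subnet when it is at least as wide and
        # both addresses reduce to the same network under the rule's prefix.
        $covered = ($_.PrefixLength -ge $rulePrefix) -and (
            (Get-SubnetCidr -IPAddress $_.IPAddress -PrefixLength $rulePrefix) -eq
            (Get-SubnetCidr -IPAddress $ruleNet -PrefixLength $rulePrefix))
        [pscustomobject]@{
            Adapter       = $_.InterfaceAlias
            HostIP        = $_.IPAddress
            Subnet        = Get-SubnetCidr -IPAddress $_.IPAddress -PrefixLength $_.PrefixLength
            CoveredByRule = $covered
        }
    }
```

If `Subnet` is narrower than the rule network, the rule's remote network can be tightened to that value instead of a wider range such as 172.16.0.0/12.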
