
Question about ENS Firewall Status Control option

Hi !

Do we have any info on what the following option does in policy ENS Firewall - option, section Status Control: "Require justification from users when managing Firewall from the McAfee system tray icon"?

Where/how does that justification get recorded? Does the Admin get automatically notified?

Thanks !

Accepted Solutions

McAfee Employee

Re: Question about ENS Firewall Status Control option

Hi @mathlal 

Thank you for your post. This policy helps the ePO admin to fetch a reason for managing ENS Firewall setting (Disabling it) from the quick settings option by right-clicking the system tray icon.

The reason is requested from the user only when Firewall is being disabled via the Mctray icon on your system tray. This reason is logged in the event description in ePO.

The Event ID is 35009 and comes under Event Category "Traffic Detected". I have attached the Event description part for your kind reference.

Please note, enabling this option does not make sense if you do not have your client UI locked out since, under Full Access, the UI can be leveraged to disable Firewall thereby bypassing the justification request.

I have attached a couple of screenshots for your reference. I sincerely hope this resolves your query!

Thanks and regards,
Adithyan T
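
An added example, not part of the original reply and not McAfee code: one way to review the tray-icon justifications once the events have been exported from ePO to CSV. Only the Event ID 35009 comes from the answer above; the column names, the `Reason:` marker, and the sample rows are constructed assumptions and must be adapted to the real export.

```python
import csv
import io
from collections import defaultdict

FIREWALL_TRAY_EVENT_ID = "35009"  # Event ID given in the answer above

# Constructed sample export. Column names and description wording are
# assumptions for illustration, not the actual ePO schema.
SAMPLE_EXPORT = """EventID,DetectedUTC,HostName,UserName,Description
35009,2024-03-04T09:12:00,LT-FIELD-01,jdoe,Firewall disabled from tray. Reason: installing PLC programming software
1092,2024-03-04T09:13:00,LT-FIELD-01,jdoe,Unrelated event
35009,2024-03-04T10:40:00,LT-FIELD-02,asmith,Firewall disabled from tray. Reason: x
35009,2024-03-05T08:01:00,LT-FIELD-01,jdoe,Firewall disabled from tray. Reason: vendor VPN client test
"""

def extract_reason(description, marker="Reason:"):
    """Return the text after the (assumed) marker, or the whole description."""
    _, found, tail = description.partition(marker)
    return (tail if found else description).strip()

def justification_events(export_text):
    """Keep only the firewall-disable events and pull out the user's reason."""
    rows = csv.DictReader(io.StringIO(export_text))
    return [
        {"when": r["DetectedUTC"], "host": r["HostName"],
         "user": r["UserName"], "reason": extract_reason(r["Description"])}
        for r in rows
        if r["EventID"].strip() == FIREWALL_TRAY_EVENT_ID
    ]

def review(events, min_reason_len=10):
    """Count disables per host and collect events with a token justification."""
    per_host = defaultdict(int)
    weak = []
    for e in events:
        per_host[e["host"]] += 1
        if len(e["reason"]) < min_reason_len:
            weak.append(e)
    return dict(per_host), weak

if __name__ == "__main__":
    counts, weak = review(justification_events(SAMPLE_EXPORT))
    for host, n in sorted(counts.items()):
        print(f"{host}: firewall disabled from tray {n} time(s)")
    for e in weak:
        print(f"follow up: {e['user']}@{e['host']} at {e['when']} gave {e['reason']!r}")
```
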

Re: Question about ENS Firewall Status Control option

Thanks for the detailed answer Adithyan !

Cheers, Math

Re: Question about ENS Firewall Status Control option

Can you tell us what needs to be true to enable something like this? We have technicians in the field who have to use a variety of programs. It is impossible for an admin to keep up with all the possible pieces of programming software that technicians need to use on a daily basis and it is constantly changing.

They are all local administrators on their laptops to allow for these installations, but the problem is that McAfee ES is blocking their network access. We need to allow them to either manage their local firewall policies or allow them to disable the firewall entirely when they need to work.

Does the firewall truly get disabled when this option is turned on, or are there other processes that could be blocking network traffic?

Perhaps it is just to give them an unmanaged client.

I have used other security programs in the past, but am not as familiar with McAfee's console.

Thanks

Erik

McAfee Employee

Re: Question about ENS Firewall Status Control option

Hi @erikbriggs, in the ENS Firewall Options policy, you can enable the "Retain existing user-added rules and Adaptive mode rules when this policy is enforced" option, which allows the local user to manage their own local Firewall client rules. Be aware that these local rules are processed after the ePO policy rules, so as long as you don't allow/block the network traffic in the ePO policy, then the local rules can be used to manage that network traffic (assuming the local user can access the ENS Console settings (e.g., if ENS console password is set)). Using an unmanaged ENS install will work as well, but to state the obvious, you're losing ePO management and visibility of that client. Those local client rules are also sent to the ePO server for processing (e.g., similar to the Firewall Adaptive mode learn feature), however, you can just ignore them (e.g., not add them to the ePO Firewall Rules policy).

"Does the firewall truly get disabled when this option is turned on, or are there other processes that could be blocking network traffic?"

Yes, if you use the feature to manage the Firewall Status via Agent tray icon (as mentioned originally in this thread), then it will completely disable the Firewall (until the user turns the Firewall back on, or if the Agent performs a local policy enforcement; this is the "Retain user-disabled Firewall status when this policy is enforced" feature).
