I need to stop some systems from talking to certain handlers. I do not need to be told how to use handler groups or anything like that. I cannot use a firewall on the relevant handler because the traffic is actually coming via a load balancer (so same IP address etc). I cannot get the network to do it. I was hoping to use ENS with a standard IP block on the PCs I wanted to block, as we turn off the 'Core McAfee networking rules', but I subsequently note from KB91206 that this does not actually turn it all off (pick jaw up from floor).
Any idea how we COULD get ENS to block agent traffic going to certain handlers?
Hi @andrew_robinson,
Yes, enabling "Disable McAfee core networking rules" in the ENS firewall options policy will not disable all rules under the "McAfee core networking" group in the ENS firewall rules policy.
Only the rules that have "yes" under the "can you disable" section in the below document can be disabled:
McAfee Agent or any other McAfee-related application generating traffic will match the rule "Allow McAfee applications" present in the "McAfee core networking" group. This rule is hard coded and cannot be disabled. Hence, it would not be possible to stop McAfee Agent from talking to certain handlers.
I hope this answers your query.
- Rohit Francis
Thanks Rohit, but that does not answer my question. You are basically telling me what I have already pointed out. I am looking for other solutions or perhaps a response from McAfee that says 'Oh, that's an interesting idea - I will put forward a suggestion that allows the customer to change this'. Frankly, the reason I need to do it is partially because of failings in the McAfee product and in particular the bug in agent 5.7.2 that does not close connections so that all our handlers are overloaded and systems are passing on to other handlers that I do not want them to use!
Hi @andrew_robinson. By current design, the ENS Firewall cannot be used to block McAfee Agent communications. This is an intentional design based on the McAfee Agent's functionality of managing and enforcing Firewall policy rules that allow/block network traffic on the endpoint client.