cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Stopping the McAfee agent from talking to certain handlers

I need to stop some systems from talking to certain handlers. I do not need to be told how to use handler groups or anything like that. I cannot use a firewall on the relevant handler because the traffic is actually coming via a load balancer (so same IP address etc). I cannot get the network to do it. I was hoping to use ENS with a standard IP block on the PCs I wanted to block, as we turn off the 'Core McAfee networking rules', but I subsequently note from KB91206 that this does not actually turn it all off (pick jaw up from floor). 

Any idea how we COULD get ENS to block agent traffic going to certain handlers?

4 Replies
rfranci
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Stopping the McAfee agent from talking to certain handlers

Hi @andrew_robinson ,

Yes, Enabling  "Disable McAfee core networking rules  " in ENS firewall options policy will not disable all rules under "McAfee core networking " group in ENS firewall rules policy.
Only the rules that have "yes" under "can you disable " section in the below document can be disabled:
https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-5C381...

McAfee agent or any other McAfee related application generating a traffic will match the rule " Allow McAfee applications " present in " McAfee core networking " group. this rule is hard coded and cannot be disabled. Hence, it would not be possible to stop McAfee Agent from talking to certain handlers.

I hope this answers your query.
- Rohit Francis

Re: Stopping the McAfee agent from talking to certain handlers

Thanks Rohit, but that does not answer my question. You are basically telling me what I have already pointed out. I am looking for other solutions or perhaps a response from McAfee that says 'Oh, that's an interesting idea - I will put forward a suggestion that allows the customer to change this'. Frankly, the reason I need to do it is partially because of failings in the McAfee product and in particular the bug in agent 5.7.2 that does not close connections so that all our handlers are overloaded and systems are passing on to other handlers that I do not want them to use!

ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Stopping the McAfee agent from talking to certain handlers

Hi @andrew_robinson By current design, the ENS Firewall cannot be used to block McAfee Agent communications.  This is an intentional design based on the McAfee Agent's functionality of managing and enforcing Firewall policy rules that allow/block network traffic on the endpoint client.

Re: Stopping the McAfee agent from talking to certain handlers

Spoiler
Great. Would anybody else like to simply confirm what I have already said and offer no help whatsoever? I have hours to burn reading such responses.........
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community