mlajoie
Level 10
Message 1 of 4

Using the Firewall to Stop all Network Communications

A request was made of me to see if we could use the firewall to stop a machine from communicating to the network.

My initial thought was to take all of our subnets and set them as "not trusted".

My second thought was to use domain blocking and block anything to our domain name.

My third thought was to do both of the above.

Is there a better way or another way I haven't thought of?

I know that once this is applied, we have to physically go to the machine to get it remediated, but that is of less concern.

Accepted Solutions
McAfee Employee ktankink
Message 4 of 4

Re: Using the Firewall to Stop all Network Communications

@mlajoie wrote:
I'm OK with that but I'm afraid my customer wants a total blackout on communications - when the need arises.

Hi @mlajoie, this is not possible in ENS Firewall. Even if you have a BLOCK ALL rule in your ruleset (which is not needed since the ENS Firewall includes a hard-coded, default BLOCK ALL TRAFFIC rule at the bottom of the ruleset) and enable the "Disable McAfee Core Networking" option, there will still be a few Firewall rules that are not disabled and will allow traffic.

Ref KB91206, sections "After I enable the "Disable McAfee core networking rules" feature, why are all the firewall rules inside the McAfee core networking group not disabled?" and "Which McAfee core networking firewall rules are not disabled when I enable the "Disable McAfee core networking rules" feature?".

3 Replies
McAfee Employee mmuthuga
Message 2 of 4

Re: Using the Firewall to Stop all Network Communications

You can try the two steps below to block most of the communication for the machine.

Place a block all firewall rule at the topmost position in the firewall rule set. Select "Either" for direction, "Any protocol" for network protocol, and "All protocols" for transport protocol, and do not specify any network or executable in the rule to create the block all rule.

Select the "Disable McAfee core networking rules" option.

mlajoie
Level 10
Message 3 of 4

Re: Using the Firewall to Stop all Network Communications

Duh. The block all rule -- should've thought of that. That part is working splendidly.

Unfortunately, checking the box had no effect on some of the McAfee networking rules. It is still communicating with ePO. I'm OK with that but I'm afraid my customer wants a total blackout on communications - when the need arises.

Anything else you can think of?
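
One way to see what still gets through after the block all rule and the "Disable McAfee core networking rules" option are applied, as an added example that is not part of the original thread or McAfee's own tooling. The function name Get-ResidualConnection and the $EpoServer address are hypothetical placeholders; the script polls repeatedly because agent-to-server traffic is periodic and a single snapshot can miss it.

```powershell
# Added example: run in an elevated PowerShell session on the isolated Windows host.
# Assumption: $EpoServer is a placeholder (TEST-NET-1 address); replace it with your ePO server's IP.
function Get-ResidualConnection {
    param(
        [int]$Samples = 12,                  # number of polling passes
        [int]$IntervalSeconds = 5,           # wait between passes
        [string]$EpoServer = '192.0.2.10'    # placeholder, not a real server
    )
    $seen = @{}
    for ($i = 0; $i -lt $Samples; $i++) {
        # An Established TCP session to a non-loopback peer means traffic was allowed
        Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
            Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
            ForEach-Object {
                # De-duplicate on process + remote endpoint across polling passes
                $key = '{0}|{1}|{2}' -f $_.OwningProcess, $_.RemoteAddress, $_.RemotePort
                if (-not $seen.ContainsKey($key)) {
                    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                    $seen[$key] = [pscustomobject]@{
                        Process       = if ($proc) { $proc.ProcessName } else { 'unknown' }
                        ProcessId     = $_.OwningProcess
                        RemoteAddress = $_.RemoteAddress
                        RemotePort    = $_.RemotePort
                        IsEpoServer   = ($_.RemoteAddress -eq $EpoServer)
                    }
                }
            }
        Start-Sleep -Seconds $IntervalSeconds
    }
    # Every row is a connection the ruleset did not block
    $seen.Values | Sort-Object IsEpoServer, Process
}

Get-ResidualConnection | Format-Table -AutoSize
```

This covers TCP only; UDP and other protocols leave no established-session state on the host, so a packet capture on the upstream switch port is the definitive check.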