
Assistance with Location Awareness

Our firm has a situation where a business unit does security consultation. Part of that process involves penetration testing. The staff have a Windows 7 laptop with a built-in NIC, and a USB NIC (TRULink ASIX AX88178 USB 2.0) that is bound ONLY to a Back Track VM they use for testing. The McAfee HIPs software is bound to both NICs. The HIPs Firewall interferes with the pen testing tools they use even though the software is NOT installed on the Back Track VM. Likewise, the USB external NIC is the only NIC set up in the BackTrack VM; no traffic is allowed on the Back Track VM from the internal NIC.

From what has been seen, it appears there is still some lower-level traffic being monitored (and blocked) by McAfee HIPs on the external USB NIC. I have attempted to build location awareness rules specific to the external USB NIC traffic and have not been successful. Is there a way to create a Network Awareness \ Location Awareness HIPs Firewall rule set to allow all traffic on the USB external NIC, but still monitor the traffic on the internal built-in NIC?

Bob Staszewski (


Re: Assistance with Location Awareness


Not sure how your FW is set up presently, but it sounds like it could be your issue. I would create a firewall policy for just these pen test systems, then apply it to them. Here is the setup as if you were looking at the Firewall Rules policy in ePO:


Firewall Rules policy
1. External USB NIC Location Aware group (within this group, configure the network criteria to be the single static IP of the External USB NIC, or range of addresses if the IP varies. Make sure you check the "Isolate this connection" box.)

-> place your firewall rules for this NIC here within this group

2. Internal NIC Location Aware group (again, configure your network to be the static IP of the internal NIC, or DHCP range. Again, check the "Isolate this connection" box.)

-> place your firewall rules for this NIC here within this group


Kinda simplified, but it gives you a general idea.
