
Blocked Outgoing TCP traffic on same VLAN

Hello, I am attempting to communicate with the SCCM server via my client. I've created a rule where I allow the TCP/IPv4 and IPv6 protocols and all of the remote or local networks; the local service is all-inclusive, and the remote service specifies only ports 80, 443 and the SCCM executable to communicate between the SCCM server and a client. I've added a snapshot of the HIPS log below:

Event: Traffic IP Address/User: XXX.XXX.XXX.2

Description: Host Process for Microsoft Configuration Manager (CcmExec)

Path: C:\WINDOWS\CCM\CcmExec.exe

Message: Blocked Outgoing TCP - Source .XX.15 : (62705) Destination .XX.2 : http (80) Matched Rule: DENY ALL (Keep At Bottom!). 

After creating this rule, I'm still receiving the blockage from my client to the SCCM server. Please assist.

6 Replies
McAfee Employee ktankink

Re: Blocked Outgoing TCP traffic on same VLAN

Hi @Jdtjordan1983, can you show screenshots of the firewall rule you created? Or, if possible, open a Service Request with our Support team and we can further verify the rule is set up correctly.


If you defined File Description details of the executable, make sure you have the right value set (ref KB71735), or don't specify a value. This is a common area of rule misconfiguration.

 

KB71735 - Purpose of the executable File Description field in Endpoint Security Firewall and Host Intrusion Prevention

Re: Blocked Outgoing TCP traffic on same VLAN

Hello ktankink,

As requested, I've attached a screenshot of the rule that was created for SCCM.

(Attachment: SCCM Firewall Rule.PNG)

McAfee Employee ktankink

Re: Blocked Outgoing TCP traffic on same VLAN

  • The executable File Descriptions appear to be misconfigured; see KB71735.
  • FYI: You don't need to specify 1-65535 for ports; won't hurt if you do though.  Leaving it blank applies ANY to that value and includes all ports.

Re: Blocked Outgoing TCP traffic on same VLAN

Hello ktankink,

I've made the adjustments you suggested and no dice, still unable to communicate between server and client on the same LAN. I've attached a screenshot of the adjustment I made to the firewall rule.

(Attachment: SCCM100919.PNG)

McAfee Employee ktankink

Re: Blocked Outgoing TCP traffic on same VLAN

The File Descriptions still are not accurate.  Please see the example in the previously mentioned KB about what the correct value should be (if you plan on using that criteria).


Example:

powershell.jpg

Re: Blocked Outgoing TCP traffic on same VLAN

Hello, I've added the file description name and still receive the Blocked Outgoing TCP from the client to the server on the same VLAN.

(Attachment: SCCM101519.PNG)
