cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Jdtjordan1983
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 1 of 7
‎10-03-2019 10:20 AM

Blocked Outgoing TCP traffic on same VLAN

Hello, I am attempting to communicate with the SCCM server via my client, I've created a rule where I allow the TCP/IPv4 and IPv6 protocol, all of the remote or local networks, local service is all inclusive, the remote service specify only ports 80, 443 and the SCCM executable to communicate between the SCCM server and a client. I've added a snapshot of the HIPS log below:

Event: Traffic IP Address/User: XXX.XXX.XXX.2

Description: Host Process for Microsoft Configuration Manager (CcmExec)

Path: C:\WINDOWS\CCM\CcmExec.exe

Message: Blocked Outgoing TCP - Source .XX.15 : (62705) Destination .XX.2 : http (80) Matched Rule: DENY ALL (Keep At Bottom!). 

 After creating this rule, I'm still receiving the blockage from my client to the SCCM server, please assist. 

0 Kudos
Reply
6 Replies
ktankink
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 7
‎10-04-2019 03:01 PM

Re: Blocked Outgoing TCP traffic on same VLAN

Hi @Jdtjordan1983 Can you show screenshots of the firewall rule you created?   Or if possible, open a Service Request with our Support team and we can further verify the rule is setup correctly.


if you defined File Description details of the executable, make sure you have the right value set (ref KB71735), or don't specify a value.  This is a common area of rule misconfiguration.

 

KB71735 - Purpose of the executable File Description field in Endpoint Security Firewall and Host Intrusion Prevention

0 Kudos
Reply
Jdtjordan1983
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 3 of 7
‎10-07-2019 04:48 AM

Re: Blocked Outgoing TCP traffic on same VLAN

Hello ktankink,

as requested, I've attached a screenshot of the rule that was created for SCCM.SCCM Firewall Rule.PNG

0 Kudos
Reply
ktankink
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 4 of 7
‎10-07-2019 11:46 AM

Re: Blocked Outgoing TCP traffic on same VLAN

  • The executable File Descriptions appear to be misconfigured; see KB71735.
  • FYI: You don't need to specify 1-65535 for ports; won't hurt if you do though.  Leaving it blank applies ANY to that value and includes all ports.
0 Kudos
Reply
Jdtjordan1983
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 5 of 7
‎10-09-2019 01:28 PM

Re: Blocked Outgoing TCP traffic on same VLAN

Hello ktankink,

I've made the adjustments you suggested and no dice, still unable to communicate between server and client on the same LAN. I've attached a screenshot of the adjustment I made to the firewall rule.SCCM100919.PNG

0 Kudos
Reply
ktankink
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 6 of 7
‎10-09-2019 01:50 PM

Re: Blocked Outgoing TCP traffic on same VLAN

The File Descriptions still are not accurate.  Please see the example in the previously mentioned KB about what the correct value should be (if you plan on using that criteria).


Example:

powershell.jpg

0 Kudos
Reply
Jdtjordan1983
Jdtjordan1983
Level 7
Report Inappropriate Content
Message 7 of 7
‎10-15-2019 08:14 AM

Re: Blocked Outgoing TCP traffic on same VLAN

Hello, I've added the file description name and still receive the Blocked Outgoing TCP from the client to the server on the same VLAN. SCCM101519.PNG

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC