This one has to have been answered before but I can't find any reference to it. I do web development and need some other machines in my network to access my computer by its computer name. In XP SP3, I eventually found out I needed to create a Firewall rule to allow TCP ports for inetinfo.exe to be permitted. However, in Windows 7 Enterprise, inetinfo.exe isn't used anymore. The Activity Log says:
IP Address/User: xx.xx.xx.xx
Description: NT Kernel & System (ntoskrnl.exe)
Message: Blocked Incoming TCP - Source xx.xx.xx.xx : (1569) Destination xx.xx.xx.xx : http (80) (Block System TCP Incoming)
I have been unable to find out how to create a rule that allows the website to work. I have tried NTOSKRNL.EXE, W3WP.EXE, etc. with no luck. Disabling the firewall completely allows it to work so it's definitely McAfee blocking it.
How can I create a rule that allows this to work?
Thanks!
Message was edited by: dcwebman
Try creating a firewall rule in the ePO policy like:
Network Protocol: IP
Remote Address: ANY
Transport protocol: TCP
Local Service: 80 (From the event, this is the Destination for an incoming packet.)
Remote service: 1024-65535 (High random ports are probably used here. From the event, this is the Source for an incoming packet.)
Application: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE (no hash)
Oh, and also, you've already got a firewall rule that is blocking this traffic. The rule name is at the end of the event: "Block System TCP Incoming".
Message was edited by: Kary Tankink on 1/11/11 3:29:30 PM CST
Message was edited by: Kary Tankink on 1/11/11 3:30:02 PM CST
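As an added example (not part of the original posts and not McAfee's code), this Python sketch parses an Activity Log message of the form quoted in the question and derives the rule fields the way the answer does, including the name of the rule that matched. The message layout is inferred only from that one event, the function names are hypothetical, and the sample addresses are constructed.

```python
import re

# Layout inferred from the single Activity Log message quoted in this thread;
# other product versions or event types may format the line differently.
EVENT_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<direction>\w+)\s+(?P<proto>\w+)\s+-\s+"
    r"Source\s+(?P<src_ip>\S+)\s*:\s*(?:(?P<src_name>[\w-]+)\s+)?\((?P<src_port>\d+)\)\s+"
    r"Destination\s+(?P<dst_ip>\S+)\s*:\s*(?:(?P<dst_name>[\w-]+)\s+)?\((?P<dst_port>\d+)\)\s+"
    r"\((?P<rule>[^()]+)\)\s*$"
)

# Constructed sample: same shape as the event in the question, with
# documentation-range addresses in place of the masked ones.
SAMPLE = ("Blocked Incoming TCP - Source 192.0.2.10 : (1569) "
          "Destination 192.0.2.20 : http (80) (Block System TCP Incoming)")


def parse_event(message):
    """Split one Activity Log message into its fields."""
    m = EVENT_RE.match(message.strip())
    if m is None:
        raise ValueError("unrecognised Activity Log message: %r" % message)
    ev = m.groupdict()
    ev["src_port"] = int(ev["src_port"])
    ev["dst_port"] = int(ev["dst_port"])
    return ev


def rule_fields(ev):
    """Map an incoming-packet event onto the rule fields listed in the answer."""
    if ev["direction"].lower() != "incoming":
        # Only the incoming case is described on this page.
        raise ValueError("only incoming events are handled here")
    # Incoming packet: Destination is the local side, Source is the remote side.
    # A client's source port changes per connection, so a high source port is
    # widened to the ephemeral range the answer suggests.
    remote = "1024-65535" if ev["src_port"] >= 1024 else str(ev["src_port"])
    return {
        "Transport protocol": ev["proto"],
        "Local Service": str(ev["dst_port"]),
        "Remote Service": remote,
        "Matched rule": ev["rule"],  # the rule that produced this event
    }


if __name__ == "__main__":
    for field, value in rule_fields(parse_event(SAMPLE)).items():
        print("%-20s %s" % (field + ":", value))
```
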
> Oh, and also, you've already got a firewall rule that is blocking this traffic. The rule name is at the end of the event: "Block System TCP Incoming".
That explains it then because I did create a rule similar to what you had before. Unfortunately in our IT's wisdom, they created a bunch of rules including the one you identified and I just found buried under a collapsed item. I can't remove that item and any rule I create goes to the bottom of the list, so I assume McAfee handles the rules in the order in the list, hence being blocked.
IT is unwilling to help since they do not want to support Windows 7 yet but we need it for development. Any idea how I can get my rule to be the one used or remove the one they added? If there's no way to do that, having some way to disable the Firewall completely would also be acceptable. I tried that but in 15 minutes, they turn it all back the way it was.
If it matters, it's McAfee Host Intrusion Prevention 184.108.40.2069 (patch 8).