
HIPS Blocking Backup Exec


We back up a user's PC using Backup Exec, but then we added HIPS onto their machine and the backup always fails now. We put firewall rules into Adaptive mode and the backup ran fine. When we took it out of Adaptive mode (telling the PC to retain the rules it created), the backup still fails. We know it's a firewall issue but we are not sure what rule we are missing. We have a firewall rule that allows all traffic from the Backup Exec server using a wide range of ports to the beremote exe.

The error we get on Backup Exec is: A communications failure has occurred

We are using Backup Exec 15 and McAfee HIPS 8

Accepted Solutions

Re: HIPS Blocking Backup Exec

Hi,

I have now solved the issue. We found that Backup Exec was using a larger range of local ports than we thought, so we expanded this range in the policy and we are now able to back up the machine.

Thanks


3 Replies
McAfee Employee
Message 2 of 4

Re: HIPS Blocking Backup Exec

The network traffic may not be associated with beremote.exe. Review the HIPS Activity log and create firewall rules for any blocked traffic that is associated with the software (remote IPs, ports, etc.).  You may find that the traffic is SYSTEM-based and is not associated with a specific app PID (meaning the firewall rule cannot be associated with an application).  If the application worked while in Adaptive mode, review what rules were created and see if they might be associated with backup software.  Also test using the "Allow ANY/ANY" firewall rule set from KB67055.

KB67055 – How to troubleshoot a network facing application, or traffic is blocked by Host Intrusion Prevention firewall

https://kc.mcafee.com/corporate/index?page=content&id=KB67055

Also make sure you are testing the latest HIPS 8.0 version for any known defects.

KB70725 - Host Intrusion Prevention 8.0 patch and hotfix version information

https://kc.mcafee.com/corporate/index?page=content&id=KB70725

Reliable Contributor
Message 3 of 4

Re: HIPS Blocking Backup Exec

Hi Charlie,

This document is for BE v11d but probably applies in your environment:

https://www.veritas.com/support/en_US/article.TECH49563



https://www.veritas.com/support/en_US/article.TECH49563 wrote:

List of TCP/UDP ports used by Backup Exec 11d and above (including CPS and DLO) and BE System Recovery (BESR)

| Service | Port | Port Type |
|---|---|---|
| Backup Exec Agent Browser (process=benetns.exe) | 6101 | TCP |
| Backup Exec Remote Agent for Windows Servers (process=beremote.exe) | 10000 | TCP |
| Backup Exec Server (process=beserver.exe) | 3527 | TCP |
| | 6106 | TCP |
| MSSQL$BKUPEXEC (process=sqlservr.exe) | 1125 | TCP |
| | 1434 (ms-sql-m) | UDP |
| Oracle Agent for Windows and Linux Servers | Random port unless configured otherwise | |
| DB2 Agent for Windows and Linux Servers | Random port unless configured otherwise | |
| Kerberos | 88 | UDP |
| NETBIOS | 135 | TCP, UDP |
| NETBIOS Name Service | 137 | UDP |
| NETBIOS Datagram Service | 138 | UDP |
| NETBIOS Session Service | 139 | TCP |
| NETBIOS (Windows 2000) | 445 | TCP |
| DCOM/RPC | 3106 | TCP |
| Backup Exec Remote Agent | 6103 | TCP |
| Push Install -- Check for conflicts in message queue for CASO which is part of beserver.exe | 103x | TCP |
| Push Install -- SMB2 | 445 | TCP |
| SMTP email notification | 25 outbound from media server | TCP |
| SNMP | 162 outbound from media server | TCP |
| FTP | 21 | TCP |
| HTTP | 80 | TCP |
| HTTPS | 443 | TCP |


Backup Exec for Windows Servers Listening Ports:



First, it is important to understand the difference between using a port for listening versus for dynamic or ad-hoc communication.


When Backup Exec for Windows Servers is not running any operations, the various services are listening on ports for incoming communication from other services and/or agents.


During operations such as backups, a Backup Exec for Windows Server will first communicate to the Remote Agent on the static listening port (control connection) and then pass data back and forth using dynamic (ad-hoc) ports that are either random (by default) or can be configured to use a specific range.


More detail on limiting the port ranges for Remote Agent communications can be found in the Related Documents area at the bottom of this document.

| Service | Port | Port Type |
|---|---|---|
| Backup Exec Agent Browser (benetns.exe) | 6101 | TCP |
| Backup Exec Remote Agent for Windows Server (beremote.exe) | 10000 | TCP |
| Backup Exec Server (beserver.exe) | 3527, 6106 | TCP |
| MSSQL$BKUPEXEC (sqlservr.exe) | 1125 | TCP |
| | 1434 | UDP |
| Backup Exec Remote Agent for NetWare | 10000, 6102 | TCP |
| Remote Agent for Linux and UNIX Servers (RALUS) | 10000 | TCP |
| DBA-initiated backups for Oracle and DB2 | 5633 | TCP |
| Backup Exec Deduplication Engine (spoold.exe) | 10082 | TCP |
| Backup Exec Deduplication Manager (spad.exe) | 10102 | TCP |



My guess is that you have to Configure BERemote to use Specific ports rather than using the default random ports. HIPS in learning mode will work, but turning off learning mode causes failure due to the next random port used, not yet configured to work within HIPS. Check the rules HIPS created while in learning mode and compare against the ports when it fails. This should lead you to the area that can help you statically define the port you want to use, and then change the HIPS rule(s) to use that port.

Another article: https://www.veritas.com/support/en_US/article.TECH43579

Hope this helps

Ron Metzger
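
The comparison suggested in the reply above (ports seen while the backup worked in Adaptive mode versus what the retained policy allows), as an added example that is not part of the thread or of any vendor tool. The policy ranges, the observed ports and the record layout are constructed assumptions, not the HIPS Activity log format.

```python
# Added example: constructed data, not the HIPS Activity log format.
from collections import defaultdict

# Allow rules currently in the firewall policy: (protocol, low port, high port).
POLICY = [("TCP", 10000, 10000),   # Remote Agent control connection (static)
          ("TCP", 10001, 10025)]   # assumed data-port range allowed in policy

# Local ports seen for the backup agent during a run that worked in
# Adaptive mode (constructed sample values).
OBSERVED = [("TCP", 10000), ("TCP", 10003), ("TCP", 10024),
            ("TCP", 10026), ("TCP", 10027), ("TCP", 10040)]

def is_allowed(proto, port, policy):
    """True if any allow rule covers this protocol and local port."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in policy)

def to_ranges(ports):
    """Collapse a set of ports into contiguous (low, high) ranges."""
    ranges = []
    for port in sorted(set(ports)):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges

def policy_gaps(observed, policy):
    """Return {protocol: [(low, high), ...]} for observed ports no rule allows."""
    missing = defaultdict(list)
    for proto, port in observed:
        if not is_allowed(proto, port, policy):
            missing[proto].append(port)
    return {proto: to_ranges(ports) for proto, ports in missing.items()}

if __name__ == "__main__":
    for proto, ranges in sorted(policy_gaps(OBSERVED, POLICY).items()):
        for lo, hi in ranges:
            print(f"no allow rule for {proto} local port(s) {lo}-{hi}")
```

Pinning the agent's dynamic range, as the quoted article describes, keeps the allow rule narrow instead of widening it to whatever random ports appear in a given run.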
