I'm having an issue with McAfee HIPS Firewall Policy blocking all traffic on random workstations at random times. I'd say about once a week we're getting a call where a user just lost all network connectivity. We work the user thru accessing the interface and disabling the Firewall policy. Once the firewall policy is disabled, network connectivity resumes. We typically remote in and uninstall the application, and redeploy it that night.
I'm guessing it could be my one of my rules, but it seems strange that it just randomly will cause issues. Would it help if I provide the XML export from Firewall Rules? I'm debating rebuilding the rules.
Does anyone have any suggestions on figuring this one out? Anything anyone else has come across?
I've seen the firewall be unreliable at times. Reloading the HIPS module would be my first step, especially if you are seeing blocked traffic which should be allowed by your policy.