cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 9
‎02-27-2015 01:02 PM

HIPs 8 - Disabling of Firewall - Log

Jump to solution

Had a question related to end users disabling the firewall through the McAfee end point agent. We have set to refresh every 15 min and in talks about hiding that feature in the end point agent. My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that actions

I know that I can generate a report in ePO pulling from the system all end points that have the firewall disabled but that report is only valid from the last end point agent check in. So I would manually have to pull one of the end points from the report and manually send it a wake up call to get the latest information from the that end point.

0 Kudos
Reply
1 Solution

Accepted Solutions
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 9
‎02-27-2015 02:03 PM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution 
My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that actions

Users disabling the HIPS IPS/Firewall modules via the McAfee Agent Quick Settings menu does not generate any events locally or via ePO.

View solution in original post

Reply
8 Replies
exbrit
MVP
Report Inappropriate Content
Message 2 of 9
‎02-27-2015 01:04 PM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

Moved to HIPs for faster response..

---

Peter

Moderator

0 Kudos
Reply
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 9
‎02-27-2015 02:03 PM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution 
My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that actions

Users disabling the HIPS IPS/Firewall modules via the McAfee Agent Quick Settings menu does not generate any events locally or via ePO.

Reply
Former Member
Not applicable
Report Inappropriate Content
Message 4 of 9
‎03-02-2015 05:46 AM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

Thank you - thats what I thought I just wanted to confirm it

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 9
‎03-01-2015 07:56 AM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

users can not disable the firewall unless they know the password to unlock it, you should change the default password for the unlock if you do not want users to disable it. I am assuming that the firewall option is enabled via epo for you clients.

0 Kudos
Reply
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9
‎03-02-2015 08:01 AM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution 

alhaawi wrote:


users can not disable the firewall unless they know the password to unlock it

If you have enabled the option HIPS 8 General -> ClientUI -> Advanced options -> Allow disabling of features from the tray icon, then users can disable IPS and/or FW without the HIPS administrator or time-based password.

0 Kudos
Reply
andrew_robinson
Level 10
Report Inappropriate Content
Message 7 of 9
‎10-28-2019 09:44 PM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

Side question. How long does it stay off for? Just until the next policy enforcement?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 8 of 9
‎10-29-2019 02:06 AM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

The disabled feature remains disabled until restored by the menu command or the next policy
enforcement.

Reply
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎10-29-2019 09:05 AM

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

This depends on whether you have the Override Firewall at policy enforcement option enabled or not.

  • If this feature is enabled, then the next Agent policy enforcement will reset the Firewall status (depending on the policy settings).
  • If this feature is disabled, then the Agent policy enforcement will NOT reset the Firewall feature and it must be manually reset again via the Agent Tray icon.

 

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC