HIPs 8 - Disabling of Firewall - Log

Had a question related to end users disabling the firewall through the McAfee endpoint agent. We have it set to refresh every 15 min and are in talks about hiding that feature in the endpoint agent. My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that action.

I know that I can generate a report in ePO pulling from the system all endpoints that have the firewall disabled, but that report is only valid from the last endpoint agent check-in. So I would manually have to pull one of the endpoints from the report and manually send it a wake-up call to get the latest information from that endpoint.

Accepted Solutions
ktankink McAfee Employee
Message 3 of 9

Re: HIPs 8 - Disabling of Firewall - Log

My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that action.

Users disabling the HIPS IPS/Firewall modules via the McAfee Agent Quick Settings menu does not generate any events locally or via ePO.

8 Replies

Re: HIPs 8 - Disabling of Firewall - Log

Moved to HIPs for faster response..

---

Peter

Moderator

Re: HIPs 8 - Disabling of Firewall - Log

Thank you - that's what I thought, I just wanted to confirm it.

Re: HIPs 8 - Disabling of Firewall - Log

Users cannot disable the firewall unless they know the password to unlock it. You should change the default password for the unlock if you do not want users to disable it. I am assuming that the firewall option is enabled via ePO for your clients.

ktankink McAfee Employee
Message 6 of 9

Re: HIPs 8 - Disabling of Firewall - Log

alhaawi wrote:

users can not disable the firewall unless they know the password to unlock it

If you have enabled the option HIPS 8 General -> ClientUI -> Advanced options -> Allow disabling of features from the tray icon, then users can disable IPS and/or FW without the HIPS administrator or time-based password.

Re: HIPs 8 - Disabling of Firewall - Log

Side question. How long does it stay off for? Just until the next policy enforcement?

chealey McAfee Employee
Message 8 of 9

Re: HIPs 8 - Disabling of Firewall - Log

The disabled feature remains disabled until restored by the menu command or the next policy enforcement.

ktankink McAfee Employee
Message 9 of 9

Re: HIPs 8 - Disabling of Firewall - Log

This depends on whether you have the Override Firewall at policy enforcement option enabled or not.

  • If this feature is enabled, then the next Agent policy enforcement will reset the Firewall status (depending on the policy settings).
  • If this feature is disabled, then the Agent policy enforcement will NOT reset the Firewall feature and it must be manually reset again via the Agent Tray icon.

 
