cancel
Showing results for 
Search instead for 
Did you mean: 

HIPs 8 - Disabling of Firewall - Log

Jump to solution

Had a question related to end users disabling the firewall through the McAfee end point agent. We have set to refresh every 15 min and in talks about hiding that feature in the end point agent. My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that actions

I know that I can generate a report in ePO pulling from the system all end points that have the firewall disabled but that report is only valid from the last end point agent check in. So I would manually have to pull one of the end points from the report and manually send it a wake up call to get the latest information from the that end point.

1 Solution

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution
My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that actions

Users disabling the HIPS IPS/Firewall modules via the McAfee Agent Quick Settings menu does not generate any events locally or via ePO.

5 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 6

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

Moved to HIPs for faster response..

---

Peter

Moderator

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution
My question is related to logging that activity of an end user disabling the firewall. Is it logged somewhere locally on the machine or to ePO? I have looked at the event logs on a machine that I am testing and did not see any generated events for that actions

Users disabling the HIPS IPS/Firewall modules via the McAfee Agent Quick Settings menu does not generate any events locally or via ePO.

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

Thank you - thats what I thought I just wanted to confirm it

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

users can not disable the firewall unless they know the password to unlock it, you should change the default password for the unlock if you do not want users to disable it. I am assuming that the firewall option is enabled via epo for you clients.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: HIPs 8 - Disabling of Firewall - Log

Jump to solution

alhaawi wrote:



users can not disable the firewall unless they know the password to unlock it


If you have enabled the option HIPS 8 General -> ClientUI -> Advanced options -> Allow disabling of features from the tray icon, then users can disable IPS and/or FW without the HIPS administrator or time-based password.