
McAfee HIPS blocking incoming traffic, when in WiFi

Hi, we're using McAfee HIPS 8.0 with ePO 4.5.0.1852 and are randomly experiencing problems when our users are connected to WiFi. Users get the message that there is no Internet connection, and I saw in the activity log that incoming TCP and UDP traffic (DNS service, RDP...) is being blocked (using the last rule, which is "block all traffic"). This happens only when they're connected to WiFi; there are no problems with LAN. But all Firewall Policy rules are built for wired and wireless media types.

Has anyone had these problems before?

Thanks!!

0 Kudos
6 Replies
exbrit
Level 21

Re: McAfee HIPS blocking incoming traffic, when in WiFi

Moved provisionally from Security Awareness to HIPS for better support.

0 Kudos
McAfee Employee

Re: McAfee HIPS blocking incoming traffic, when in WiFi

This might be Firewall-related; some type of blocked network traffic.  Disable the HIPS Firewall and see if this resolves the issue.

KB67055 – How to troubleshoot a network facing application, or traffic is blocked by Host Intrusion Prevention firewall

https://kc.mcafee.com/corporate/index?page=content&id=KB67055

Or, it could be conflicting with the QoS software (known issues).  Try uninstalling and rebooting the Microsoft QoS driver.

KB72097 - LAN / Wi-Fi / VPN Client / network connection fails to connect with Host Intrusion Prevention 8.0 / 7.0

https://kc.mcafee.com/corporate/index?page=content&id=KB72097

Also, verify if you are using a current HIPS 8.0 build.  8.0.0.2482 is recommended for testing this issue.

KB70725 - Host Intrusion Prevention 8.0 patch and hotfix version information (Master)

https://kc.mcafee.com/corporate/index?page=content&id=KB70725

0 Kudos

Re: McAfee HIPS blocking incoming traffic, when in WiFi

Hi, thanks for your suggestions, I'll try them.

One strange thing is that only users in one office are having these issues. The only difference from the other offices is that in this specific office we use different networks for LAN and WLAN. So if they are on WLAN AND LAN, they have two network interfaces which are in different networks.

HIPS is blocking just the incoming traffic, so e.g. I send out a DNS request and the incoming packet is being blocked, even if we have configured the rule "allow outgoing DNS UDP packet 53". It blocks with the last rule, which is "block all traffic", so it looks like this stateful behaviour is not working...

I have configured a rule which allows both directions for DNS (UDP 53) and have not had any problems since then, but this is a security vulnerability, so I am not allowed to roll this out to all clients...

Message edited by renata.petrasova on 23.10.13 07:43:31 CDT
0 Kudos
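
Why the bidirectional UDP 53 workaround in the post above is weaker than the stateful rule, as an added example that is not part of the original thread and is not McAfee HIPS code. It is a simplified flow-tracking model; the class and function names and all addresses are assumptions constructed for illustration.

```python
# Simplified model of stateful vs. stateless UDP filtering (illustrative only;
# not McAfee HIPS code). All addresses below are constructed sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" or "in"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Rule set: 'allow outgoing UDP to port 53', then 'block all traffic'."""

    def __init__(self):
        self.flows = set()  # flows opened by permitted outbound packets

    def check(self, p: Packet) -> str:
        if p.direction == "out" and p.dport == 53:
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # An inbound packet passes only as the mirror image of a tracked flow.
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow"
        return "block"  # last rule: block all traffic


def stateless_both_directions(p: Packet) -> str:
    """Workaround rule: allow UDP 53 in either direction, no flow tracking."""
    return "allow" if 53 in (p.sport, p.dport) else "block"


def demo():
    client, resolver, other = "10.0.20.15", "10.0.1.53", "203.0.113.7"
    fw = StatefulFilter()
    query = Packet("out", client, 50000, resolver, 53)
    reply = Packet("in", resolver, 53, client, 50000)
    unsolicited = Packet("in", other, 53, client, 40000)  # answers no query
    pkts = (query, reply, unsolicited)
    return {
        "stateful": [fw.check(p) for p in pkts],
        "stateless": [stateless_both_directions(p) for p in pkts],
    }


if __name__ == "__main__":
    print(demo())
```

The stateful filter admits the reply only because it mirrors the tracked query; the bidirectional rule admits any inbound packet that claims source port 53, which is why it is a poor candidate for rollout to all clients.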
iggyit
Level 7

Re: McAfee HIPS blocking incoming traffic, when in WiFi

Hi,

Did you ever find a resolution to this? I am having the exact same issue, except with HIPS 7.

Thanks,

Iggy

0 Kudos
greatscott
Level 12

Re: McAfee HIPS blocking incoming traffic, when in WiFi

Are your firewall rules utilizing CAG/LAG Rules? Maybe test with Connection Isolation turned off.

0 Kudos

Re: McAfee HIPS blocking incoming traffic, when in WiFi

Hi, no, we have not... It seems that updating HIPS to 8.0.0.2151 helped; since then we haven't had any problems. McAfee Support told me to change my DNS rule so it would allow either direction... but right now it doesn't look like it is necessary.

0 Kudos