I've got McAfee Internet Security running on a Windows 10 PC at the doctor's. She also has a Schiller Heart monitor which transfers results from the test via a network connection to the PC. This did'nt work with the firewall active.
I've done some investigations, and my current conclusions are as follows:
- I cannot allow the application as 'allowed', because it uses a 'javaw' which is installed with the Schiller software, not the 'system-wide' known javaw.exe. The system-wide javaw.exe is already allowed.
- I've taken some Wireshark traces to find out what's going on. As far as I could see:
* Communication is done via SNMP (so UDP)
* The first packet in the dialog comes from the monitor (=remote device), with source port 161. The destination port varies each time and is in the higher order range (5xxxx - 6xxxxx).
* I imagine that the PC announces some random port via multicast/broadcast (not caputed in Wireshark due to filter).
I suppose that I could allows UDP traffic on ports 1-65535, but this needs to be to the entire Internet (-> else my DNS queries do not reach the Internet, they are also sourced with a higher order UDP port number). But why installing a firewall if we allow everything?
I've tried allowing port 161, but this seems only to apply to destination ports...