After renewal of out subscription a littlewhile ago an issue has arisen which is proving to be annoying to the users.
We run an in house developed system tohandle our marketing, operations, purchasing and sales needs, this software runs entirely on our own servers and behind a firewall.
The issue which has arisen is that when anew version of the software is released it triggers the SaaS firewall to popup on the users PC asking them to allow orblock the software.
As this did not happen before the update Iam assuming, dangerous I know, that either the things have been tightened up ora setting somewhere has been set or unset by the update which results in thisnew behaviour.
My question is, is there a method oftelling SaaS to ignore specifically named EXE’s?
Any ideas or suggestions will be gratefully recieved
Certainly, we can block that particular application from McAfee Firewall. If you trust that particular application, then we can assign a policy to allow it in the Firewall Protection. Please follow the below steps to allow that particular applciation.
1. Login into your Security center with your email address and the password in the page www.mcafeeasap.com
2. Please look on the tab Policies on the top
3. Please click on the Policies tab and select the policy which you want to modify.
4. Select the Firewall Protection and click on Allowed Internet application.
5. Check for the application file that you want to allow in that list.
6. If it is blocked, click on allow and save the policy.
7. Then check whether the McAfee SaaS blocks that particular application or not.
Note : This will be applicable for all the computers which are under this policy.
If you want to allow that application for a single computer, then please follow the given steps:
Right click on the M-icon
Open Console-->Action menu-->Product details-->Firewall-->View application-->Select allow.
Set connection type-->Custom-->Edit--->Approve/Add the programs.
Please let us know if you have any queries so that we can assist you.
Hi Geetha P
Thanks for the responce.
I have already tried this and although it does solve the issue as far as a single release is concerned it appears that the next time the software changes the process you outlined would need to be repeated, as some parts of the software changes on a daily basis (or even several times a day) this would in itself be an extra if small step in the release process.
It would appear that the firewall checks the version of the exe against its allowed list rather than just the name.
I see that you are concerned that the new product update will change the firewall settings again. Please make the firewall protection mode to be in report, so that it will not give you the same pop up as it did earlier.
Please follow the given steps to change the firewall protection mode.
1. Open security center using your login credentials.(www.mcafeeasap.com)
2. Click on policies --> select add policy --> select firewall protection --> select Administrator configures firewall --> select --> Change firewall protecion mode to Report mode.
Please let us know if you have any concerns so that we will be able to assist you further.
bluemaqn, we had this issue 2 years ago. For this reason we found the outgoing firewall functionality to be unmanageable and switched it off.
We weere informed that a fingerprint of outgoing software is taken and if the fingerprint doesnt match then the software is blocked
ie anything at all that updates is potentially blocked including MS software. Even though the mcafee whitelist for recommended programs should allow it, it blocked it for whatever reason. I believe it was due some issue of the whitelist not being up to date.
Our systems became unusable so we switched it off in report mode only and now we monityor the unrecognised programs list for suspect items.
Hope this helps
A big thank you to everyone for theiradvice, I have now turned the firewall to only report.
I guess that this is a no win situation forthe developers as some people will want to have new or modified exe’s blockedby default.
The only way I can see of getting aroundthe problem and have the best of both worlds is to have a switch in the whitelist so that users can elect to block on the exe name or on any change at all.
The firewall when kept at "reports" mode will allow these softwares irrespective of the updates.
Morover you also get the allowed/block list populated with applications for you to decide which to allow and which to block.
Blueman, it is good to see that your issue is now resolved.
Please contact us for any further issues related to McAfee SaaS Endpoint Protection Services.