I am looking for advice on how to solve a port blocking rule violation.
I work in a McAfee enterprise environment and we are having an issue with receiving port blocking rule violations on two users who travel frequently.
The ePolicy Orchestrator is relaying messages of port blocking rule violations over port 6666.
The program is telling us that an unidentified program is reaching out over port 6666 to an IP address that we don't even use on our network.
The notification claims it's coming from 192.168.x.x trying to reach out to 172.20.x.x.
The 192.168.x.x is our locally managed wireless address and the 172.20.x.x is not a part of our network environment.
We can't figure out what program could be reaching out, and we are responsible for setting up these machines. We feel relatively secure that this is a false positive in terms of being a threat, but we can't figure out what is triggering the issue.
If anyone could give me a direction to follow up on I would greatly appreciate it.