cancel
Showing results for 
Search instead for 
Did you mean: 

[Nightmare] VirusScan Enterprise Firewall Exceptions!!!

Hi All, i have been trying to jump through loops of fire with McAfee Tech Support and sales but thought i would ask the community how they did it.

Scenario ...

hundreds servers and a thousands of desktops all managed by epo. AV and Agent is installed on the machines/ servers and updated , patched over time. This then results in firewall rules automatically added to the windows firewall rule set. Overtime this generates duplicate rules. This in some cases leads to 20 duplicate rules which allow 'any' connection to that port and exe.

This on pen tests and a various other tests / checks makes it flag up read and not idea when you know you can lock that port down to be more secure.

How does everyone else out there clean up the rules and prevent this from happening as there is nothing in the product set to prevent the rules from being created?

4 Replies
pato
Level 7
Report Inappropriate Content
Message 2 of 5

Re: [Nightmare] VirusScan Enterprise Firewall Exceptions!!!

Normaly most products (VSE 8.7 and then 8.8) used the same firewall ports. Also applications adding themself to the Windowsfirewall are normaly bound to the executable of that program. So if that program isn't running, the firewall port isn't open. In other words, the application is free to open all needed desired ports in the system.

In my case where VSE 8.8 is installed with Agent, I only have 6 firewall rules, all named "McAfee Framework Service", one for each network profile (domain, private, public) and UDP or TCP. We have one additional rule to remotely install Mcafee Agent, which we added ourselfs.

I don't think that's a lot of rules to be honest.

I don't know if the uninstall process of VSE 8.7 would remove those rules though, but I'm pretty sure that they get newly created if you update to VSE 8.8. Also, did maybe your installation directory change between the versions?

Re: [Nightmare] VirusScan Enterprise Firewall Exceptions!!!

Install location does not change it just keeps on creating the rules which are not required as we have our own locked down rules distributed by group policy and locked down to certain ips, and not 'any' thing.

It just seems like a nightmare and if there was a way to disable this auto creation of the firewall rule all my issues would be solved.

or

if it was to check to see if a 'default' rule was created it would not go and create more!

I have raised a PER for this back in nov 2013

pato
Level 7
Report Inappropriate Content
Message 4 of 5

Re: [Nightmare] VirusScan Enterprise Firewall Exceptions!!!

Re: [Nightmare] VirusScan Enterprise Firewall Exceptions!!!

I forgot to mention there are no standard options in MID to prevent the firewall rules from being created.