Showing results for 
Search instead for 
Did you mean: 

Microsoft Win7 and SRV2008, issues with default BFE rules


We discovered some issues with the Base Filter Engine, a new security feature introduced by Microsoft in Windows 6.x versions (Vista, 7 2008 Rx). Obviously running the BFE service without any specific IPsec polisy will deny any host assessment or compliance scans using McAfee MVM 7.x.

We found a workaround by creating a IPsec policy object that will enforce trust towards the scan engines IP address(es), but does anyone of you know a more gentle and elegant way to deal with this? Support says "This is a Microsoft issue" which we disagree in.

Best Regards

1 Reply

Re: Microsoft Win7 and SRV2008, issues with default BFE rules

Discussing this with Thomas Kirk offline. An option to cope with this might be to add the source certificates from the MVM appliances to the organisation root certificate trust. We would be able to test.

McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.