Showing results for 
Search instead for 
Did you mean: 

Microsoft Win7 and SRV2008, issues with default BFE rules


We discovered some issues with the Base Filter Engine, a new security feature introduced by Microsoft in Windows 6.x versions (Vista, 7 2008 Rx). Obviously running the BFE service without any specific IPsec polisy will deny any host assessment or compliance scans using McAfee MVM 7.x.

We found a workaround by creating a IPsec policy object that will enforce trust towards the scan engines IP address(es), but does anyone of you know a more gentle and elegant way to deal with this? Support says "This is a Microsoft issue" which we disagree in.

Best Regards

1 Reply

Re: Microsoft Win7 and SRV2008, issues with default BFE rules

Discussing this with Thomas Kirk offline. An option to cope with this might be to add the source certificates from the MVM appliances to the organisation root certificate trust. We would be able to test.

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.