Former Member
Message 1 of 5

Had to disable HIPS on DC for clients to join

I have a Windows Server 2012 R2 that is my DC and I'm running McAfee Agent on it (HIPS and VSE).  I was trying to add a file share server on the DC but I was getting an error.  I checked the HIPS logs on the DC and it said DNS and NetBIOS were getting blocked.  I went on ePO and changed the HIPS FW policy to allow both and it still was getting blocked.  Then I disabled HIPS so I could add the file share server.  I'm trying to figure out why the traffic was getting blocked.

The DC and file share are on the same network.

Network settings for the DC:

Private IP, and for primary DNS setting I have it pointing to 127.0.0.1.

For the file share server I have its DNS pointing to the DC's IP address.

Are both of these set up properly?

Thanks

4 Replies
Former Member
Message 2 of 5

Re: Had to disable HIPS on DC for clients to join

Have you tried setting up a Connection Aware Group within your firewall? Try creating a new policy with a CAG defined. A CAG is basically a rule within the firewall that says if a DNS name/default gateway/DHCP/etc. matches one of those specified within the CAG, then it will allow any/any for internal traffic.

Here is a high-level McAfee overview about CAGs:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/20000/PD20747/en_US/...

Otherwise you will have to do what you are doing, and create specific rules in the FW table for traffic that is internal.

Former Member
Message 3 of 5

Re: Had to disable HIPS on DC for clients to join

Thanks for the response!

I'm pretty sure I created a CAG.  Under HIPS, I am running 'typical corporate fw policy' (FW rule).  I have allowed DNS in either direction as well as allowed incoming NetBIOS.  When I try to do an nslookup from the file share server it doesn't resolve.  I then check the HIPS logs on the DC and I see that DNS is getting blocked.  I'm not sure why.  The block rule that it's hitting is 'Block All Traffic'.  Does anyone know where this is?  I only have 3 policies for HIPS (FW options, FW rules, DNS block which is by default).

I know that HIPS is blocking DNS and NetBIOS because I can see it in the logs... I'm not sure if I need to allow it anywhere else.

Re: Had to disable HIPS on DC for clients to join

Try setting the FW rules for any direction (for ports 137/138) and see if that works for NetBIOS. The HIPS firewall doesn't always work as expected.

Former Member
Message 5 of 5

Re: Had to disable HIPS on DC for clients to join

If you did have a CAG and it was set up correctly, it would not be blocking this.

The "Block All Traffic" is a default rule in the firewall table that you will not see except on the end client when it is being hit; basically, if it cannot match a rule within the table, it will default to the built-in Block All Traffic - which leads me to believe that if you do have a CAG set up, it is not being done correctly.

You can do what drliv1980 is saying and start creating single rules, but that will leave you creating all types of rules every time something is tripped. It is much more efficient and easy to set up a CAG for internal traffic.
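As an added illustration of the first-match, fall-through-to-Block-All-Traffic behaviour and the CAG gating described in this thread (a constructed model, not McAfee code; the location criteria, rule fields, sample table and adapter values are assumptions):

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    action: str                              # "allow" or "block"
    proto: str = "any"                       # "udp", "tcp" or "any"
    ports: set = field(default_factory=set)  # empty set = any port
    direction: str = "either"                # "in", "out" or "either"

@dataclass
class ConnectionAwareGroup:
    name: str
    dns_suffix: str   # location criterion (assumed): adapter's DNS suffix
    gateway: str      # location criterion (assumed): adapter's default gateway
    rules: list       # rules that are only active while the CAG matches

def cag_matches(cag, adapter):
    """CAG is active only when every location criterion matches the adapter."""
    return (adapter["dns_suffix"].lower() == cag.dns_suffix.lower()
            and adapter["gateway"] == cag.gateway)

def rule_matches(rule, packet):
    return (rule.proto in ("any", packet["proto"])
            and (not rule.ports or packet["port"] in rule.ports)
            and rule.direction in ("either", packet["direction"]))

def evaluate(table, adapter, packet):
    """First match wins; anything unmatched falls to the built-in block rule."""
    for entry in table:
        if isinstance(entry, ConnectionAwareGroup):
            if not cag_matches(entry, adapter):
                continue                     # inactive group: its rules are skipped
            candidates = entry.rules
        else:
            candidates = [entry]
        for rule in candidates:
            if rule_matches(rule, packet):
                return rule.name, rule.action
    return "Block All Traffic", "block"       # implicit default, not shown in the table
TABLE = [  # constructed sample table, in evaluation order: CAG first, then explicit rules
    ConnectionAwareGroup("Internal", "corp.example", "10.0.0.1",
                         [Rule("Allow internal any/any", "allow")]),
    Rule("Allow DNS", "allow", "udp", {53}, "either"),
    Rule("Allow NetBIOS in", "allow", "udp", {137, 138}, "in"),
]
ADAPTER_OK = {"dns_suffix": "corp.example", "gateway": "10.0.0.1"}
ADAPTER_WRONG_GW = {"dns_suffix": "corp.example", "gateway": "10.0.0.254"}
NBNS_OUT = {"proto": "udp", "port": 137, "direction": "out"}  # name query leaving the DC
```

With the matching adapter the CAG's any/any rule catches everything; with a mismatched gateway the CAG is skipped, and an outbound NetBIOS query then misses the inbound-only rule and lands on Block All Traffic, which is the case the "any direction for 137/138" suggestion above addresses.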
