4 Replies Latest reply on Jun 4, 2009 4:33 AM by jawuk

    McAfee 8.5 to 8.7 Policy Migration- Strange issue

      Hi all

      I have successfully run the policy migration tool from McAfee and it has indeed migrated all the policies from 8.5 to 8.7 as expected, but I have seen some strange behaviour from some of our Access Protection Rules policies.

      We have about 9 access protection policies covering different types of machine role. In each of the access protection policies we have a number of process exclusions under the "McAfee Standard Protection/Prevent Mass Mailing Worms from Sending Email".

      The strange thing is, when I go into one of the 9 policies, and go to the edit button to add some more process exclusions for the Prevent Mass Mailing Worms from Sending Email, and I type in a new process policy, the "OK" button never goes to a clickable state, it remains greyed out, and the Rule Name "Prevent Mass Mailing Worms From Sending Email" develops two red "!!"s at the end of the field, as if I was creating a duplicate rule with the same name.

      It's very weird.

      The only way I can work around it is to insert a blank space at the end of the Rule Name so it becomes "Prevent Mass Mailing Worms from Sending Email ", notice the space at the end. Then, I can add processes to my heart's content, and the OK button acts as normal. As soon as I take the space away from the name and try and change it back to what it was originally, which for all intents and purposes should work, as there are no other rules with that name, the two red "!!" appear again, indicating a conflict.

      The workaround works... and the exclusions I make, make it to the clients, but it scares me to think there are other "undiscovered" bugs in the policies that can only have come as a result of the migration.



      I still have the 8.5 policies in EPO which are, of course, identical to the 8.7 ones, and they do NOT display the same odd behaviour. These policies were migrated from 8.0.

      The whole server is less than 6 weeks old, so I would not have expected to see these weird issues, so I can only think it is a bug in the EPO migration tool and/or EPO itself.

      I'm sure if I deleted and recreated the policies again, and reassigned them, with the same settings I would not have the issue, but... we have over 400 sites, and I do not want to have to reassign them all... don't ask why we do, this is not the place to discuss it, there are reasons, but it is the consideration I have to make.

      regards

      J
        • 1. RE: McAfee 8.5 to 8.7 Policy Migration- Strange issue
          Thanks for the info! I will need to be careful of this also!
          • 2. RE: McAfee 8.5 to 8.7 Policy Migration- Strange issue
            I'm intrigued to know if anyone else experiences this, as in whether it is a bug worth reporting to McAfee or just an issue with 'my particular installation', but as I say, it's a by-the-book install, and very new, so it's not like it's a dog-old setup which has had years to get clunky.

            J
            • 3. RE: McAfee 8.5 to 8.7 Policy Migration- Strange issue
              jmaxwell


              Like mine is going to be (grin)
              • 4. RE: McAfee 8.5 to 8.7 Policy Migration- Strange issue
                OK,

                issue resolved.


                It seems that when you do a policy migration from 8.0 to 8.5, the layout of the access protection policy has changed quite a bit, so during the migration, the wizard seems to do a fudge.

                In 8.0 you had something called 'Port Blocking Policies', where the mass mailing worm rule had the ability to actually specify other ports, direction (inbound and outbound etc.), and it just so happened that the default McAfee setup had a rule, called Prevent Mass Mailing Worms, set up with the appropriate port (25) and the direction. But it may as well have been almost a user-specified policy, within the 'Port Blocking Policies' area of Access Protection.


                In 8.5, they did away with the idea of the 'Port Blocking' tab, and then called it just 'Access Protection' and then the different classes or levels like Anti-virus Standard Protection or Antivirus Outbreak Control etc., and the Prevent Mass Mailing Worms From Sending Email was now under one of those categories, which now lacked the ability to specify ports (on that specific rule), as now McAfee had created a hard and fast rule for blocking port 25, not just used 'Port Blocking' in 8.0 and created a rule called 'Prevent Mass Mailing Worms From Sending Email'. So, to migrate those older 8.0 policies to 8.5, it actually migrated the old 8.0 'Prevent Mass Mailing Worms From Sending Email' rule, and put it under the 8.5 'User Defined Rules' section of Access Protection, by the same name. So, hence, when I tried to edit the legitimate rule under Antivirus Standard Protection, the name conflict was there, because there was a rule, by the same name, living in the User Defined Rules section.

                It seems by doing the migration from 8.5 to 8.5 it worked as it should have, and copied all those rules across, including the EPO migration created User Defined Rules it had created in 8.5, though, in 8.7, the clash in names of the User Defined rules and the Anti-Virus Standard Protection Rules caused major issues.


                My solution was to copy all of the process exclusions out of the User Defined "Prevent Mass Mailing Worms From Sending Email" into a notepad document. Do this for both the Workstation and the Server tab. Then click Save.

                Then go back into the Access Protection policy and click on the Anti-virus Standard Protection tab and choose the "Prevent Mass Mailing Worms From Sending Email" rule, and copy the processes back in to the relevant fields, and click OK (it now works), in both Workstation and Server. Problem SOLVED!

                The reason I copied the process exclusions out of the User Defined rules policy was that all the exclusions I had made in the 8.0 rule, including ones for my environment, were migrated to the User Defined areas in 8.5, so these were the rules that included my personal process exclusions.

                If you have lived a little on 8.5 and added exclusions in the 'Anti-Virus Standard Protection' Prevent Mass Mailing Worms from Sending Email, ensure that you look through the rules to ensure a complete list of rules you want, as you may have made some exclusions in 8.0 that lived on in the User Defined rules area, and also some in the 'Antivirus Standard Protection' area.


                This is also the same for Prevent IRC Communication Rules.

                regards

                J