Ok, To be more organised I have moved this post to a new thread.
Ok, Ill start!
1. I administrate our 34 nodes. My current feeling towards the firewall functionality is one of uncertainty and slight dread. Our laptops are on the move, users scream if things dont work. The firewall doesnt help me make decisions. This is my experience after 2 years using this product.
2. At a fundamental level, from the security center, I will ask openly off any security engineer: "Would you make a decision on the nature of an unrecognised program based on image name alone?" This is all the security center tells me. I will accept I am wrong if you can prove me to be so. I do not believe I am. The execution path at a bare minimum should be available to me in the security center to make some sort of judgement as to the validity of a firewall blocked program. This is very basic. It would at least allow me to locate the program. This information is available in the console when you manage the firewall from the client end. Why not in the security center? This is so fundamental, and Ive never received a valid answer.
3. Since that information is not available, I suggest the functionality is possibly dangerous as it is asking you to make judgements under pressure. If I click Allow, it could be Malware. Simple as that. As I have no execution path, how am I supposed to locate this program? Do a full search of a harddrive? No thanks! Aint gonna happen.
4. The Unrecognised Programs report provides me with a never ending list of image names that could be in all of my policies, or some, or none. This is hellish to work with. I even see Total Protection Service elements in that list, all the time!!! All the Microsoft Office programs constantly appear in this list. There is no sanity here!! In a busy environment it leads to an empty feeling in my gut.
5. The product should be doing all the work for me. Not me doing all the work to deduce what the hell is going on. The information is available. It is simply being presented in an ultimately unusable way. When I open that report, I expect to see what it says. Unrecognised programs. ie. "Here is a program thats not in a policy. Do you recognise it?" If so, the Allow. If not, then Block and give me information to go and find it. ie execution path at least to start with. Then, that program should disappear from that list until it is executed on anoth machine that it is not recognised in, but not until that moment. I dont want it sitting there in a list because McAfee think I might want to add it to a policy some other time. This is plain silly!!!!!!
6. If it is unrecognised because of a footprint (ie update) Then Tell Me That, feed me information, put it in a different list, but give me the information to make decisions, dont just give me a never ending list of image names that confuse me, or I give up all hope on.
7. There must be some sort of issue about the McAfee whitelist. Common programs that function on the laptops are registered as blocked when you go to the actual list of programs in the firewall itself. Again, more confusion, more doubt, more fear.
8. In the actual firewall policies themselves there are hundreds of image names. No execution path. No information. You presently cannot even sort the column on blocked or allowed status, so you have to scroll thru them. More confusion, more fear, more doubt.
9. Even if the blocked programs had a different colour that would be a start, how long would that take an ASP developer to do??? More confusion.
10. You cannot delete from the firewall allowed application list. We now have hundreds of image names accumulated over time. Unmanageable. More fear, more doubt, more worry.
11. Each policy contains the image name from all other policies. Nightmare!! We have different laptops with different applications. We separate them in to groups, and after all that, all programs from all policies appear in all other policies!!! More confusion, more fear, more doubt.
12. Can no-one out there see that over a period of time, we just end up with a great load of image names and no sanity, no ability to make sane judgements and general despair from day to day.
13. I was a developer for years. I know this is all fixable, so why all these ajaxy widgety type gimmicks??? get the basics right first and the rest will follow. Go back and review this. Show me you care McAfee!!
That will do for now.